{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14079", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-04T22:50:16.724Z", "datePublished": "2026-02-05T09:13:44.547Z", "dateUpdated": "2026-04-08T16:59:59.143Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:59:59.143Z"}, "affected": [{"vendor": "elextensions", "product": "ELEX WordPress HelpDesk & Customer Ticketing System", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.3.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.5. This is due to missing capability checks on the eh_crm_ticket_general function combined with a shared nonce that is exposed to low-privileged users. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify global WSDesk settings via the `eh_crm_ticket_general` AJAX action."}], "title": "ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6fd3ea16-4706-4573-b905-93dff434968d?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/elex-helpdesk-customer-support-ticket-system/tags/3.3.4/includes/class-crm-ajax-functions-one.php#L15"}, {"url": "https://plugins.trac.wordpress.org/changeset/3449609/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Itthidej Aramsri"}], "timeline": [{"time": "2025-12-04T23:05:24.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-02-04T20:43:43.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-05T14:49:32.671322Z", "id": "CVE-2025-14079", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-05T14:49:42.398Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14079", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-05T14:49:32.671322Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-05T14:49:36.638Z"}}], "cna": {"title": "ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update", "credits": [{"lang": "en", "type": "finder", "value": "Itthidej Aramsri"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "elextensions", "product": "ELEX WordPress HelpDesk & Customer Ticketing System", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.3.5"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-04T23:05:24.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-02-04T20:43:43.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6fd3ea16-4706-4573-b905-93dff434968d?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/elex-helpdesk-customer-support-ticket-system/tags/3.3.4/includes/class-crm-ajax-functions-one.php#L15"}, {"url": "https://plugins.trac.wordpress.org/changeset/3449609/"}], "descriptions": [{"lang": "en", "value": "The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.5. This is due to missing capability checks on the eh_crm_ticket_general function combined with a shared nonce that is exposed to low-privileged users. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify global WSDesk settings via the `eh_crm_ticket_general` AJAX action."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:59:59.143Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14079", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:59:59.143Z", "dateReserved": "2025-12-04T22:50:16.724Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-05T09:13:44.547Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.5. This is due to missing capability checks on the eh_crm_ticket_general function combined with a shared nonce that is exposed to low-privileged users. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify global WSDesk settings via the `eh_crm_ticket_general` AJAX action."}, {"lang": "es", "value": "El plugin ELEX WordPress HelpDesk &amp; Customer Ticketing System para WordPress es vulnerable a la falta de autorizaci\u00f3n en todas las versiones hasta la 3.3.5, inclusive. Esto se debe a la falta de comprobaciones de capacidad en la funci\u00f3n eh_crm_ticket_general, combinado con un nonce compartido que est\u00e1 expuesto a usuarios con pocos privilegios. Esto hace posible que atacantes autenticados, con acceso de nivel de Suscriptor y superior, modifiquen la configuraci\u00f3n global de WSDesk a trav\u00e9s de la acci\u00f3n AJAX 'eh_crm_ticket_general'."}], "id": "CVE-2025-14079", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-05T10:16:02.050", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/elex-helpdesk-customer-support-ticket-system/tags/3.3.4/includes/class-crm-ajax-functions-one.php#L15"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3449609/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6fd3ea16-4706-4573-b905-93dff434968d?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T16:04:58.940878+00:00", "value": {"mitigation_remediation": ["Upgrade the ELEX WordPress HelpDesk & Customer Ticketing System plugin to the latest version (higher than 3.3.5) to apply the missing\u2011capability fix.", "If an updated version is not available, remove or disable the eh_crm_ticket_general AJAX endpoint from the plugin, for example by editing the plugin file or using a custom plugin that removes that action.", "Restrict Subscriber role capabilities, ensuring that users with that role cannot perform AJAX actions that alter global settings, using a role\u2011management plugin or custom code.", "Review audit logs for unauthorized changes to plugin settings and monitor for suspicious activity."], "summary": {"action": "Patch plugin", "impact": "Unauthorized Configuration Change"}, "threat_synthesis": {"affected_systems": "The affected product is the ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress. Versions up to and including 3.3.5 are vulnerable. The issue applies to all environments where the plugin is installed and the user role is Subscriber or higher.", "description_and_impact": "The vulnerability arises from missing capability checks in the eh_crm_ticket_general function, allowing an authenticated user with Subscriber-level access or higher to invoke the AJAX action and modify global WSDesk settings. This unauthorized change can alter plugin behavior or expose sensitive data, creating a potential configuration attack.", "risk_and_exploitability": "The CVSS score of 5.3 indicates a moderate risk, while the EPSS score of less than 1% suggests a low likelihood of exploitation in the wild. The vulnerability is not listed in CISA KEV. Attackers need to be authenticated and possess at least Subscriber level privileges to exploit the missing authorization and send the AJAX request, enabling them to change global plugin settings. Once set, the attacker can potentially alter support ticket workflows, redirect notifications, or manipulate configuration to facilitate further attacks."}}}}, "created": "2026-02-06T12:05:47.267529+00:00", "updated": "2026-04-21T16:15:40.496837+00:00", "vendors": ["elextensions", "elextensions$PRODUCT$elex_wordpress_helpdesk_&_customer_ticketing_system", "wordpress", "wordpress$PRODUCT$wordpress"]}