Description
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.2. This is due to missing authorization checks on the eh_crm_edit_agent AJAX action. This makes it possible for authenticated attackers, with Contributor-level access and above, to escalate their WSDesk privileges from limited "Reply Tickets" permissions to full helpdesk administrator capabilities, gaining unauthorized access to ticket management, settings configuration, agent administration, and sensitive customer data.
Published: 2025-12-02
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation in a WordPress helpdesk plugin
Action: Immediate Patch
AI Analysis

Impact

The ELEX WordPress HelpDesk & Customer Ticketing System plugin is vulnerable because the AJAX action "eh_crm_edit_agent" lacks proper authorization checks. An authenticated attacker who holds a Contributor role or higher can call this action and turn their limited "Reply Tickets" permissions into full administrator rights. The result is unauthorized access to ticket management, settings configuration, agent administration, and sensitive customer data. The vulnerability is a classic privilege‑escalation flaw (CWE‑269).

Affected Systems

Vendor: elextensions. Product: ELEX WordPress HelpDesk & Customer Ticketing System. All versions up to and including 3.3.2 are susceptible. Users of the free WordPress variant as well as the paid versions, where the plugin is active, must verify their version and upgrade if necessary.

Risk and Exploitability

The CVSS score of 6.3 indicates a medium severity threat, while the EPSS score of less than 1% signals a very low likelihood of exploitation at the present time. It is not listed in the CISA Know‑Exploit‑Vulnerabilities catalog. The attack requires an authenticated session with at least Contributor privileges and access to the WordPress backend to trigger the vulnerable AJAX call. If those conditions are met, the attacker can elevate privileges without needing to exploit additional vulnerabilities or execute arbitrary code.

Generated by OpenCVE AI on April 22, 2026 at 03:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the ELEX WordPress HelpDesk & Customer Ticketing System plugin to the latest version that removes the missing authorization check.
  • If an immediate upgrade is not possible, limit the Contributor role’s capabilities on the platform or temporarily disable the "eh_crm_edit_agent" AJAX action in the plugin’s configuration.
  • Monitor user activity logs for any abnormal ticket‑management actions that could indicate abuse of elevated privileges.

Generated by OpenCVE AI on April 22, 2026 at 03:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 04 Dec 2025 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Elula
Elula wsdesk
CPEs cpe:2.3:a:elula:wsdesk:*:*:*:*:free:wordpress:*:*
Vendors & Products Elula
Elula wsdesk

Thu, 04 Dec 2025 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Elextensions
Elextensions elex Wordpress Plugin
Wordpress
Wordpress wordpress
Vendors & Products Elextensions
Elextensions elex Wordpress Plugin
Wordpress
Wordpress wordpress

Tue, 02 Dec 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 02 Dec 2025 08:30:00 +0000

Type Values Removed Values Added
Description The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.2. This is due to missing authorization checks on the eh_crm_edit_agent AJAX action. This makes it possible for authenticated attackers, with Contributor-level access and above, to escalate their WSDesk privileges from limited "Reply Tickets" permissions to full helpdesk administrator capabilities, gaining unauthorized access to ticket management, settings configuration, agent administration, and sensitive customer data.
Title ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.2 - Authenticated (Contributor+) Privilege Escalation via eh_crm_edit_agent AJAX Action
Weaknesses CWE-269
References
Metrics cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

Subscriptions

Elextensions Elex Wordpress Plugin
Elula Wsdesk
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:45:56.042Z

Reserved: 2025-11-21T21:23:47.412Z

Link: CVE-2025-13534

cve-icon Vulnrichment

Updated: 2025-12-02T15:29:28.598Z

cve-icon NVD

Status : Analyzed

Published: 2025-12-02T09:15:47.380

Modified: 2025-12-04T18:04:48.967

Link: CVE-2025-13534

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T04:00:08Z

Weaknesses