cleantalk
Vulnerabilities and Security Researches

ELEX WordPress HelpDesk & Customer Ticketing System, CVE-2025-12023

CVE, Research URL

CVE-2025-12023

Home page URL

Security reports for ELEX WordPress HelpDesk & Customer Ticketing System

Application

ELEX WordPress HelpDesk & Customer Ticketing System

Published on
Nov 21, 2025
Research Description
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_crm_restore_data() function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to restore tickets.
Affected versions
max 3.3.2.
Status
vulnerable
Previous vulnerability researches
Range Slider AddOn for Gravity Forms (CVE-2025-49905) , Nov 11, 2025
New vulnerability
Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form (CVE-2026-25418) , Feb 28, 2026
Image Photo Gallery Final Tiles Grid (CVE-2026-25375) , Feb 28, 2026
Share This Image (CVE-2026-25010) , Feb 28, 2026
Bold Page Builder (CVE-2026-25451) , Feb 28, 2026
Bold Page Builder (CVE-2025-13463) , Feb 28, 2026