cleantalk
Vulnerabilities and Security Researches

ELEX WordPress HelpDesk & Customer Ticketing System, CVE-2025-14079

CVE, Research URL

CVE-2025-14079

Home page URL

Security reports for ELEX WordPress HelpDesk & Customer Ticketing System

Application

ELEX WordPress HelpDesk & Customer Ticketing System

Published on
Feb 05, 2026
Research Description
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.5. This is due to missing capability checks on the eh_crm_ticket_general function combined with a shared nonce that is exposed to low-privileged users. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify global WSDesk settings via the `eh_crm_ticket_general` AJAX action.
Affected versions
max 3.3.6.
Status
vulnerable
Previous vulnerability researches
130+ Widgets | Best Addons For Elementor – FREE (CVE-2024-54253) , Dec 11, 2024
130+ Widgets | Best Addons For Elementor – FREE (CVE-2025-69312) , Feb 27, 2026
130+ Widgets | Best Addons For Elementor – FREE (CVE-2024-12584) , Jan 08, 2025
130+ Widgets | Best Addons For Elementor – FREE (CVE-2025-63044) , Dec 11, 2025
130+ Widgets | Best Addons For Elementor – FREE (CVE-2025-2108) , Mar 21, 2025
New vulnerability
Bold Page Builder (CVE-2026-25451) , Feb 28, 2026
Bold Page Builder (CVE-2025-13463) , Feb 28, 2026
Bold Page Builder (CVE-2025-12159) , Feb 28, 2026
Bold Page Builder (CVE-2025-15267) , Feb 28, 2026
Bold Page Builder (CVE-2025-12803) , Feb 28, 2026