CVE-2025-14079
Missing Authorization in ELEX WordPress HelpDesk Plugin Allows Settings Modification
Publication date: 2026-02-05
Last updated on: 2026-02-05
Assigner: Wordfence
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| elex | elex_helpdesk_customer_ticketing_system | up to and including 3.3.5 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the ELEX WordPress HelpDesk & Customer Ticketing System plugin exists because of missing authorization checks in the function eh_crm_ticket_general. This function lacks proper capability verification and uses a shared nonce that low-privileged users (Subscriber-level and above) can access. As a result, authenticated attackers with minimal privileges can modify global WSDesk settings via the eh_crm_ticket_general AJAX action.
How can this vulnerability impact me?
This vulnerability allows attackers with Subscriber-level access or higher to modify global settings of the WSDesk helpdesk system without proper authorization. Such unauthorized changes could disrupt the ticketing system's configuration, potentially affecting its operation, security settings, or integration with other systems. Although it does not directly impact confidentiality or availability, it can lead to integrity issues by allowing unauthorized modification of critical settings.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves unauthorized modification of global WSDesk settings via the `eh_crm_ticket_general` AJAX action by authenticated users with Subscriber-level access or higher.
To detect exploitation attempts on your system or network, you can monitor HTTP requests targeting the AJAX endpoint that handles the `eh_crm_ticket_general` action.
Specifically, look for POST requests to the WordPress `admin-ajax.php` URL carrying the parameter `action=eh_crm_ticket_general` from users with low privileges.
Example commands to detect such activity include:
- Using web server logs (e.g., Apache or Nginx), search for requests containing `action=eh_crm_ticket_general`: `grep 'action=eh_crm_ticket_general' /var/log/apache2/access.log`. Note that default access-log formats record the query string but not the POST body, so this only matches when the parameter is sent in the URL.
- Using command-line tools to monitor live traffic for suspicious AJAX calls: `sudo tcpdump -A -s 0 'tcp port 80 or tcp port 443' | grep 'action=eh_crm_ticket_general'`. Traffic on port 443 is TLS-encrypted, so the pattern will only match plaintext HTTP on port 80 (or traffic captured behind a TLS-terminating proxy).
- Within WordPress, enable logging or auditing plugins that track AJAX requests and user capabilities to identify unauthorized attempts to modify settings.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update the ELEX WordPress HelpDesk & Customer Ticketing System plugin to version 3.3.6 or later, where the vulnerability has been addressed.
This update includes code changes that add the missing capability checks and correct the nonce handling, so that unauthorized users can no longer modify global settings.
Until the update can be applied, consider restricting access to the AJAX action by limiting user roles that can perform such requests or implementing additional firewall or security plugin rules to block suspicious AJAX calls.
Also, review and monitor your WordPress user roles and permissions to ensure that only trusted users have Subscriber-level or higher access.
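To make the CWE-862 pattern described in the vulnerability explanation and the fix described in the mitigation section concrete, the following is an added illustration of a WordPress AJAX handler in its weak and hardened forms. It is not code from the ELEX/WSDesk plugin; the action names, nonce names, option name and settings keys are assumptions chosen for the example.

```php
<?php
// Added illustration, not code from the ELEX/WSDesk plugin. Action, nonce,
// option and settings-key names below are assumptions for this example.

// Weak pattern (CWE-862): the handler relies on a nonce that every logged-in
// user can obtain and never asks whether the caller may change global settings.
add_action( 'wp_ajax_demo_settings_weak', 'demo_settings_weak' );
function demo_settings_weak() {
    // A nonce proves intent (anti-CSRF), not authority: any Subscriber who can
    // read the shared nonce passes this check.
    check_ajax_referer( 'demo_shared_nonce', 'security' );
    update_option( 'demo_global_settings', wp_unslash( $_POST['settings'] ?? array() ) );
    wp_send_json_success();
}

// Hardened pattern: capability check first, then a nonce bound to this action.
add_action( 'wp_ajax_demo_settings_fixed', 'demo_settings_fixed' );
function demo_settings_fixed() {
    // Authorization: only users allowed to manage site options may proceed.
    // wp_send_json_error() terminates the request, so no return is needed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }
    // CSRF protection with a nonce scoped to this one action; it is issued only
    // on the admin settings page via wp_create_nonce( 'demo_settings_fixed' ).
    check_ajax_referer( 'demo_settings_fixed', 'security' );

    // Validate input: accept only known keys, each coerced to its expected type.
    $raw = ( isset( $_POST['settings'] ) && is_array( $_POST['settings'] ) )
        ? wp_unslash( $_POST['settings'] )
        : array();
    $allowed = array( 'ticket_prefix' => 'string', 'notify_agents' => 'bool' );
    $clean   = array();
    foreach ( $allowed as $key => $type ) {
        if ( ! array_key_exists( $key, $raw ) ) {
            continue;
        }
        $clean[ $key ] = ( 'bool' === $type )
            ? (bool) $raw[ $key ]
            : sanitize_text_field( $raw[ $key ] );
    }
    update_option( 'demo_global_settings', $clean );
    wp_send_json_success( $clean );
}
```

The order matters: the capability check runs before the nonce check, because a nonce only ties a request to a logged-in session and a page load, and says nothing about what that user is allowed to do.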