ELEXtensions — Vulnerabilities & Security Advisories (25)

Browse all 25 CVE security advisories affecting ELEXtensions. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ELEXtensions operates as a developer of WordPress plugins, primarily focusing on e-commerce solutions and SEO optimization tools for online retailers. Security audits have identified twenty-five distinct Common Vulnerabilities and Exposures (CVEs) associated with its software ecosystem, highlighting significant risks for users relying on these extensions. The most prevalent vulnerability classes include remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and improper access controls within the plugin codebase. These defects allow attackers to compromise website integrity, steal user data, or gain administrative access. While specific major public incidents are not widely documented in mainstream media, the high volume of CVEs indicates a pattern of recurring security deficiencies. Organizations using ELEXtensions products must prioritize regular updates and rigorous security monitoring to mitigate these known risks and protect their digital infrastructure from exploitation.

Found 13 results / 25

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-68837 | WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.5 - Broken Access Control vulnerability | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-862 | 6.5 | Medium | 2026-02-20 |
| CVE-2025-14079 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-862 | 5.3 | Medium | 2026-02-05 |
| CVE-2025-9343 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-79 | 7.2 | High | 2025-12-21 |
| CVE-2025-13534 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.2 - Authenticated (Contributor+) Privilege Escalation via eh_crm_edit_agent AJAX Action | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-269 | 6.3 | Medium | 2025-12-02 |
| CVE-2025-10039 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.9 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'eh_crm_ticket_single_view_client' | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-639 | 4.3 | Medium | 2025-11-21 |
| CVE-2025-10054 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Role Removal | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-862 | 4.3 | Medium | 2025-11-21 |
| CVE-2025-11456 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Unauthenticated Arbitrary File Upload | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-434 | 9.8 | Critical | 2025-11-21 |
| CVE-2025-12169 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.0 - Missing Authorization to Authenticated (Subscriber+) to Scheduled Trigger Deletion | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-862 | 4.3 | Medium | 2025-11-21 |
| CVE-2025-12022 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Restore | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-862 | 4.3 | Medium | 2025-11-21 |
| CVE-2025-12023 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Ticket Restore | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-862 | 4.3 | Medium | 2025-11-21 |
| CVE-2025-12085 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Empty | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-862 | 4.3 | Medium | 2025-11-21 |
| CVE-2025-47658 | WordPress ELEX HelpDesk & Customer Ticketing System plugin <= 3.2.9 - Arbitrary File Upload vulnerability | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-434 | 9.9 | Critical | 2025-05-23 |
| CVE-2024-12171 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.6 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-862 | 8.8 | High | 2025-02-01 |

This page lists every published CVE security advisory associated with ELEXtensions. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.