elextensions — Vulnerabilities & Security Advisories 25

Browse all 25 CVE security advisories affecting elextensions. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ELEXtensions operates as a developer of WordPress plugins, primarily focusing on e-commerce solutions and SEO optimization tools for online retailers. Security audits have identified twenty-five distinct Common Vulnerabilities and Exposures (CVEs) associated with its software ecosystem, highlighting significant risks for users relying on these extensions. The most prevalent vulnerability classes include remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and improper access controls within the plugin codebase. These defects allow attackers to compromise website integrity, steal user data, or gain administrative access. While specific major public incidents are not widely documented in mainstream media, the high volume of CVEs indicates a pattern of recurring security deficiencies. Organizations using ELEXtensions products must prioritize regular updates and rigorous security monitoring to mitigate these known risks and protect their digital infrastructure from exploitation.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-68837 | WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.5 - Broken Access Control vulnerability | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-862 | 6.5 | Medium | 2026-02-20 |
| CVE-2025-14079 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-862 | 5.3 | Medium | 2026-02-05 |
| CVE-2025-9343 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-79 | 7.2 | High | 2025-12-21 |
| CVE-2025-13534 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.2 - Authenticated (Contributor+) Privilege Escalation via eh_crm_edit_agent AJAX Action | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-269 | 6.3 | Medium | 2025-12-02 |
| CVE-2025-10039 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.9 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'eh_crm_ticket_single_view_client' | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-639 | 4.3 | Medium | 2025-11-21 |
| CVE-2025-10054 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Role Removal | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-862 | 4.3 | Medium | 2025-11-21 |
| CVE-2025-11456 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Unauthenticated Arbitrary File Upload | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-434 | 9.8 | Critical | 2025-11-21 |
| CVE-2025-12169 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.0 - Missing Authorization to Authenticated (Subscriber+) to Scheduled Trigger Deletion | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-862 | 4.3 | Medium | 2025-11-21 |
| CVE-2025-12085 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Empty | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-862 | 4.3 | Medium | 2025-11-21 |
| CVE-2025-12023 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Ticket Restore | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-862 | 4.3 | Medium | 2025-11-21 |
| CVE-2025-12022 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Restore | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-862 | 4.3 | Medium | 2025-11-21 |
| CVE-2025-12751 | WSChat – WordPress Live Chat <= 3.1.6 - Missing Authorization to Authenticated (Subscriber+) Settings Reset | WSChat – WordPress Live Chat | CWE-862 | 4.3 | Medium | 2025-11-19 |
| CVE-2025-10046 | ELEX WooCommerce Google Shopping (Google Product Feed) <= 1.4.3 - Authenticated (Admin+) SQL Injection | ELEX WooCommerce Google Shopping (Google Product Feed) | CWE-89 | 4.9 | Medium | 2025-09-06 |
| CVE-2025-53213 | WordPress ReachShip WooCommerce Multi-Carrier & Conditional Shipping <= 4.3.1 - Arbitrary File Upload Vulnerability | ReachShip WooCommerce Multi-Carrier & Conditional Shipping | CWE-434 | 9.9 | Critical | 2025-08-20 |
| CVE-2025-47645 | WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin <= 1.4.9 - Subscriber+ SQL Injection vulnerability | ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes | CWE-89 | 8.5 | High | 2025-07-16 |
| CVE-2025-47658 | WordPress ELEX HelpDesk & Customer Ticketing System plugin <= 3.2.9 - Arbitrary File Upload vulnerability | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-434 | 9.9 | Critical | 2025-05-23 |
| CVE-2025-47643 | WordPress ELEX Product Feed for WooCommerce <= 3.1.2 - SQL Injection Vulnerability | ELEX Product Feed for WooCommerce | CWE-89 | 7.6 | High | 2025-05-07 |
| CVE-2025-3280 | ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes <= 1.4.9 - Authenticated (Subscriber+) SQL Injection | ELEX WooCommerce Bulk Edit Products, Prices & Attributes (Basic) | CWE-89 | 6.5 | Medium | 2025-04-24 |
| CVE-2025-31406 | WordPress ELEX WooCommerce Request a Quote plugin <= 2.3.9 - Broken Access Control vulnerability | ELEX WooCommerce Request a Quote | CWE-862 | 4.3 | Medium | 2025-03-31 |
| CVE-2024-12171 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.6 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-862 | 8.8 | High | 2025-02-01 |
| CVE-2025-22352 | WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes Plugin <= 1.4.9 - SQL Injection vulnerability | ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes | CWE-89 | 7.6 | High | 2025-01-07 |
| CVE-2024-12266 | ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.7 - Missing Authorization | ELEX WooCommerce Dynamic Pricing and Discounts | CWE-862 | 6.5 | Medium | 2024-12-24 |
| CVE-2024-31364 | WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability | ELEX WooCommerce Dynamic Pricing and Discounts | CWE-352 | 4.3 | Medium | 2024-04-12 |
| CVE-2024-32105 | WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability | ELEX WooCommerce Dynamic Pricing and Discounts | CWE-352 | 4.3 | Medium | 2024-04-11 |
| CVE-2024-31255 | WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability | ELEX WooCommerce Dynamic Pricing and Discounts | CWE-79 | 7.1 | High | 2024-04-07 |

This page lists every published CVE security advisory associated with elextensions. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.