Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
ELEX WordPress HelpDesk & Customer Ticketing System Security Risk: Unauthorized Access
CVE-2025-68837
Summary
The ELEX WordPress HelpDesk & Customer Ticketing System has a security weakness that makes it possible for unauthorized users to access sensitive areas of the system. This is because the system's access controls are not properly configured, allowing users with incorrect permissions to bypass security levels. To protect your system, update to version 3.3.6 or later.
Original title
Missing Authorization vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Exploiting Incorrectly Configured Access ...
Original description
Missing Authorization vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from n/a through <= 3.3.5.
nvd CVSS3.1
6.5
Vulnerability type
CWE-862
Missing Authorization
Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026