What the vulnerability does
01Description
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
What the vulnerability does
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.
Explanation of Vulnerability in Simple Terms
The ELEX WordPress HelpDesk & Customer Ticketing System plugin through version 3.3.6 contains a SQL injection vulnerability in a database query. An authenticated user with low privileges can inject malicious SQL code to read sensitive data from the database. The vulnerability affects the entire site scope and may allow an attacker to extract customer information, ticket details, or other stored data.
What an attacker can do
Read sensitive data from the site's database, including customer information and ticket details.
Potential impact on your site
Customer data, ticket information, and other database records may be exposed to authenticated attackers.
Conditions required to exploit
Attacker must have a low-privilege WordPress user account (e.g., subscriber or customer role).
Key dates
External resources
Related vulnerabilities