CVE Catalog

CVE-2026-48964

HighCVSS 8.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

25th percentile - higher than 25% of all known CVEs

Summary

There is a SQL Injection vulnerability in ELEX WordPress HelpDesk and Customer Ticketing System versions up to 3.3.6. An attacker can exploit this flaw to execute unauthorized queries against the database.

Risk Assessment

Exploitation of this vulnerability may lead to the disclosure of sensitive data or data manipulation in the database. Organizations should be aware of the risks associated with customer data security.

Recommendation

It is recommended to update the ELEX WordPress HelpDesk and Customer Ticketing System to the latest version to eliminate this vulnerability. Additionally, conducting a security audit of the application is advisable.

Original NVD description (English source)

Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS