CVE-2026-48964
HighCVSS 8.5Exploitation Probability (EPSS)
Low risk25th percentile - higher than 25% of all known CVEs
Summary
There is a SQL Injection vulnerability in ELEX WordPress HelpDesk and Customer Ticketing System versions up to 3.3.6. An attacker can exploit this flaw to execute unauthorized queries against the database.
Risk Assessment
Exploitation of this vulnerability may lead to the disclosure of sensitive data or data manipulation in the database. Organizations should be aware of the risks associated with customer data security.
Recommendation
It is recommended to update the ELEX WordPress HelpDesk and Customer Ticketing System to the latest version to eliminate this vulnerability. Additionally, conducting a security audit of the application is advisable.
Original NVD description (English source)
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.

