exploitDog

CVE-2025-47658

Опубликовано: 23 мая 2025

Источник: nvd

CVSS3: 9.9

CVSS3: 8.8

EPSS Низкий

Описание

Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System allows Upload a Web Shell to a Web Server. This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from n/a through 3.2.7.

Ссылки

https://patchstack.com/database/wordpress/plugin/elex-helpdesk-customer-support-ticket-system/vulnerability/wordpress-elex-wordpress-helpdesk-customer-ticketing-system-3-2-7-arbitrary-file-upload-vulnerability?_s_id=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:elula:wsdesk:*:*:*:*:free:wordpress:*:*

Версия до 3.3.0 (исключая)

EPSS

Процентиль: 26%

0.00094

Низкий

9.9 Critical

CVSS3

8.8 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-p2p2-vfxx-r5rp

CVSS3: 9.9

github

9 месяцев назад

Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System allows Upload a Web Shell to a Web Server. This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from n/a through 3.2.7.

EPSS

Процентиль: 26%

0.00094

Низкий

9.9 Critical

CVSS3

8.8 High

CVSS3

Дефекты

CWE-434