CVE-2025-10054
📋 TL;DR
The ELEX WordPress HelpDesk plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to remove administrator and agent roles from any user. This affects all WordPress sites using the plugin up to version 3.3.1. Attackers can escalate privileges by demoting legitimate administrators.
💻 Affected Systems
- ELEX WordPress HelpDesk & Customer Ticketing System
📦 What is this software?
Wsdesk by Elula
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover where attackers demote all administrators, then create new admin accounts to gain full control over the WordPress installation.
Likely Case
Disruption of helpdesk operations by removing legitimate agents and supervisors, potentially combined with privilege escalation to gain administrative access.
If Mitigated
Limited impact if proper user role management and monitoring are in place, with quick detection of unauthorized role changes.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward via crafted AJAX requests to the vulnerable function.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.3.2 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3399391/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'ELEX HelpDesk & Customer Support Ticket System'.
4. Click 'Update Now' if available, or download the latest version from the WordPress repository.
5. Activate the updated plugin.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
Disable the vulnerable plugin until patched
wp plugin deactivate elex-helpdesk-customer-support-ticket-system
Role-Based Access Restriction
Temporarily restrict subscriber access or implement additional capability checks
🧯 If You Can't Patch
- Implement web application firewall rules to block requests to the vulnerable 'eh_crm_remove_agent' endpoint
- Enable detailed user role change logging and implement alerts for suspicious privilege modifications
🔍 How to Verify
Check if Vulnerable:
Check the plugin version in WordPress admin under Plugins → Installed Plugins. If the version is 3.3.1 or lower, the site is vulnerable.
Check Version:
wp plugin get elex-helpdesk-customer-support-ticket-system --field=version
Verify Fix Applied:
Verify plugin version is 3.3.2 or higher. Test that only users with proper capabilities can modify agent roles.
📡 Detection & Monitoring
Log Indicators:
- Unusual user role changes, especially administrator to subscriber
- Multiple POST requests to /wp-admin/admin-ajax.php with action 'eh_crm_remove_agent'
- Failed login attempts followed by successful subscriber login and role modification
Network Indicators:
- HTTP POST requests to admin-ajax.php with 'action=eh_crm_remove_agent' parameter from non-admin users
SIEM Query:
source="wordpress.log" AND ("eh_crm_remove_agent" OR "user role changed" OR "capabilities removed")
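The following must-use plugin is an added example, not code from the ELEX plugin or its vendor. It combines the two defensive measures above: an additional capability check placed in front of the 'eh_crm_remove_agent' AJAX action (the "If You Can't Patch" workaround) and logging plus alerting on role removals (the "Detection & Monitoring" indicators). The 'promote_users' capability is assumed as the policy for who may change roles, and the 'wsdesk_agent' / 'wsdesk_supervisor' role slugs are assumed names for the HelpDesk roles; replace them with the slugs your installation uses.

```php
<?php
/**
 * Plugin Name: HelpDesk role-change guard (added example; not part of the ELEX plugin)
 * Install as wp-content/mu-plugins/helpdesk-role-guard.php.
 */

// 1) Virtual patch: run ahead of the plugin's own handler for the vulnerable AJAX
//    action and stop the request unless the caller may change user roles.
//    'promote_users' is WordPress core's capability for role changes; requiring
//    it here is this example's assumption, not the vendor's fix.
add_action('wp_ajax_eh_crm_remove_agent', function (): void {
    if (!current_user_can('promote_users')) {
        $user = wp_get_current_user();
        error_log(sprintf(
            '[helpdesk-guard] blocked eh_crm_remove_agent: user=%d roles=%s ip=%s',
            $user->ID, implode(',', $user->roles), $_SERVER['REMOTE_ADDR'] ?? '-'
        ));
        wp_send_json_error('insufficient privileges', 403); // terminates the request
    }
}, 0); // priority 0 runs before the plugin's callback registered at the default 10

// 2) Detection: log every role removal and alert when a non-privileged account
//    strips an administrator or agent role. Slugs other than 'administrator'
//    are assumed names for the HelpDesk plugin's roles.
const HRG_WATCHED_ROLES = ['administrator', 'wsdesk_agent', 'wsdesk_supervisor'];

function hrg_record_role_loss(int $target_id, string $lost_role, string $via): void {
    $actor  = wp_get_current_user();
    $record = [
        'event'       => 'role_removed',
        'via'         => $via,
        'target'      => $target_id,
        'role'        => $lost_role,
        'actor'       => $actor->ID,
        'actor_roles' => $actor->roles,
        'request'     => sanitize_key($_REQUEST['action'] ?? ''),
        'ip'          => $_SERVER['REMOTE_ADDR'] ?? '-',
    ];
    error_log('[helpdesk-guard] ' . wp_json_encode($record));

    if (in_array($lost_role, HRG_WATCHED_ROLES, true) && !user_can($actor, 'promote_users')) {
        wp_mail(get_option('admin_email'), 'Suspicious role removal', wp_json_encode($record));
    }
}

// WP_User::remove_role() fires this with the user id and the role removed.
add_action('remove_user_role', function (int $user_id, string $role): void {
    hrg_record_role_loss($user_id, $role, 'remove_role');
}, 10, 2);

// WP_User::set_role() fires this with the new role and the roles it replaced.
add_action('set_user_role', function (int $user_id, string $new_role, array $old_roles): void {
    foreach (array_diff($old_roles, [$new_role]) as $lost) {
        hrg_record_role_loss($user_id, $lost, 'set_role');
    }
}, 10, 3);
```

Role changes made from WP-CLI or cron run with no logged-in user and will also trigger the alert, which is a useful baseline to confirm the hook fires before relying on it. The '[helpdesk-guard]' prefix in the PHP error log gives the SIEM query above a stable string to match on.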