This vulnerability involves missing authorization checks in the ELEX WordPress HelpDesk & Customer Ticketing System plugin (versions ≤ 3.3.5). It allows users with limited privileges to bypass access control restrictions, potentially leading to unauthorized actions that impact the integrity of the system. The CVSS vector indicates the attack can be performed remotely over the network with low complexity and requires privileges but no user interaction. Confidentiality is not impacted, but integrity is compromised, and availability remains unaffected.

The vulnerability allows an attacker with some level of privileges to perform unauthorized actions due to incorrect access control configuration. This impacts the integrity of the affected system by enabling unauthorized modifications or operations within the HelpDesk and ticketing system. There is no impact on confidentiality or availability according to the CVSS vector. No known exploits have been reported in the wild at this time.

Patch status is not yet confirmed — no official patch or remediation guidance is currently available from the vendor or advisory sources. Users should monitor the vendor’s official channels for updates and apply any forthcoming patches promptly. Until a fix is released, review and tighten access control configurations where possible to limit exposure.