CVE-2024-12171
Published: 01 February 2025
Description
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'eh_crm_agent_add_user' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new administrative user accounts.
Security Summary
CVE-2024-12171 is a privilege escalation vulnerability in the ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress, stemming from a missing capability check on the 'eh_crm_agent_add_user' AJAX action. It affects all versions up to and including 3.2.6. The issue is classified under CWE-862 (Missing Authorization) with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts.
Authenticated attackers with Subscriber-level access or higher can exploit this vulnerability remotely over the network with low complexity and no user interaction required. By sending a crafted AJAX request to the 'eh_crm_agent_add_user' action, they can create new administrative user accounts, effectively granting themselves or others full administrative privileges on the targeted WordPress site.
Wordfence published threat intelligence on the vulnerability, and remediation is available via patches in the WordPress plugin Trac repository, including changeset 3227859 in class-crm-ajax-functions-one.php and related updates around changeset 3213791. Security practitioners should update to a version beyond 3.2.6 and review existing low-privilege accounts for signs of abuse.
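As an added illustration of the bug class (CWE-862) and its fix, not the plugin's own code, here is a hypothetical WordPress admin-ajax handler that creates users, first without and then with the checks a privileged action needs; handler, hook and nonce names are assumptions.

```php
<?php
// Added example, not code from the ELEX plugin. Names are hypothetical.
// Any logged-in user (Subscriber and up) can reach wp_ajax_* hooks, so a
// user-creation callback without an authorization check is reachable by
// every account on the site.

// Anti-pattern: no capability check, no nonce, caller chooses the role.
function example_add_user_unchecked() {
    $user_id = wp_insert_user( array(
        'user_login' => sanitize_user( $_POST['user_login'] ?? '' ),
        'user_email' => sanitize_email( $_POST['user_email'] ?? '' ),
        'user_pass'  => wp_generate_password(),
        'role'       => sanitize_key( $_POST['role'] ?? 'subscriber' ),
    ) );
    wp_send_json( array( 'user_id' => $user_id ) );
}

// Hardened: authorization first, then CSRF protection, then role allow-list.
function example_add_user_checked() {
    // 1. Authorization: the current user must itself be allowed to create users.
    if ( ! current_user_can( 'create_users' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // 2. CSRF: the request must carry a nonce issued for this specific action.
    check_ajax_referer( 'example_add_user', 'nonce' );

    // 3. Never take the role verbatim from the request; allow-list it so a
    //    crafted request cannot ask for 'administrator'.
    $role    = sanitize_key( $_POST['role'] ?? 'subscriber' );
    $allowed = array( 'subscriber', 'contributor' );
    if ( ! in_array( $role, $allowed, true ) ) {
        wp_send_json_error( 'role not allowed', 400 );
    }

    $user_id = wp_insert_user( array(
        'user_login' => sanitize_user( wp_unslash( $_POST['user_login'] ?? '' ), true ),
        'user_email' => sanitize_email( wp_unslash( $_POST['user_email'] ?? '' ) ),
        'user_pass'  => wp_generate_password( 24 ),
        'role'       => $role,
    ) );
    if ( is_wp_error( $user_id ) ) {
        wp_send_json_error( $user_id->get_error_message(), 400 );
    }
    wp_send_json_success( array( 'user_id' => $user_id ) );
}
add_action( 'wp_ajax_example_add_user', 'example_add_user_checked' );
```

When auditing a plugin, grep every `wp_ajax_` registration and confirm the callback starts with a `current_user_can()` check appropriate to what it does; a nonce alone proves intent, not authorization.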
Details
- CWE(s)