PRP: ELEX HelpDesk & Customer Ticketing System Wordpress plugin CVE-2025-11456 Unauthenticated Arbitrary File Upload

[0xXA]

• Identifier of the vulnerability: CVE-2025-11456
• Affected software: ELEX WordPress HelpDesk & Customer Ticketing System
• Type of vulnerability: Unauthenticated Arbitrary File Upload
• Requires authentication: No
• Language you would use for writing the plugin: Templated plugins
• Resources:
  • https://www.cve.org/CVERecord?id=CVE-2025-11456
  • https://wordpress.org/plugins/elex-helpdesk-customer-support-ticket-system

[github-actions]

Welcome to the Tsunami patch reward program!

Your issue has been added to our triage queue and will reviewed
shortly. The panel usually takes a decision once per week, so it
can take up to a week before you hear back from us.

Please, do not start the work until the panel has reached a
decision. Although we always welcome contributions, unapproved
work is not eligible for a reward.

~The Tsunami PRP team

[github-actions]

This message is addressed to the Tsunami panel.

Contributor stats

• The contributor has 0 issues tagged as main;
• The contributor has 0 issues tagged as queue.

Useful links

• All open issues from this contributor
• All open PRs from this contributor