PatchSiren

ELEXtensions CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH ELEXtensions CVE published 2026-06-15

CVE-2026-48964

A high-severity SQL injection vulnerability was discovered in the ELEX WordPress HelpDesk & Customer Ticketing System plugin, affecting versions 3.3.6 and below. The vulnerability, tracked as CVE-2026-48964, has a CVSS score of 8.5 and allows authenticated subscribers to inject malicious SQL code.