PT-2025-51050 · WordPress · Happy – Helpdesk Support Ticket System
Published: 2025-12-13 · Updated: 2025-12-13 · CVE-2025-14581
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
HAPPY – Helpdesk Support Ticket System plugin for WordPress versions through 1.0.9
Description
The HAPPY – Helpdesk Support Ticket System plugin for WordPress has a flaw where authorization checks are missing for the submit form reply AJAX action. This allows authenticated attackers with Subscriber-level access or higher to submit replies to any support ticket by changing the happy topic id parameter, even if they are not the ticket owner or assigned to the ticket. The affected API endpoint is the submit form reply AJAX action. The vulnerable parameter is happy topic id.
Recommendations
Update the HAPPY – Helpdesk Support Ticket System plugin to a version later than 1.0.9.
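For plugin developers auditing similar handlers, the sketch below shows the kind of object-level authorization check the description reports as missing. It is an added example, not the plugin's code or its actual patch. Assumptions: the action name, nonce name, `example_ticket` post type, `_example_assignee` meta key and `reply` field are hypothetical, tickets are modelled as posts and replies as comments, and `happy_topic_id` is an assumed spelling of the parameter named above.

```php
<?php
// Added illustration, not the plugin's code. Hypothetical: action and nonce names,
// the 'example_ticket' post type, the '_example_assignee' meta key, the 'reply' field.
// Assumed: tickets are posts, replies are comments, parameter key is 'happy_topic_id'.

add_action( 'wp_ajax_example_submit_reply', 'example_submit_reply' );

/** True only for the ticket owner, its assigned agent, or a user who may edit the ticket. */
function example_user_can_reply( int $user_id, WP_Post $ticket ): bool {
	if ( (int) $ticket->post_author === $user_id ) {
		return true; // ticket owner
	}
	if ( (int) get_post_meta( $ticket->ID, '_example_assignee', true ) === $user_id ) {
		return true; // assigned agent
	}
	return user_can( $user_id, 'edit_post', $ticket->ID ); // staff, via capability mapping
}

function example_submit_reply(): void {
	// 1. CSRF: the nonce shows the request came from our form, not who may act on the ticket.
	check_ajax_referer( 'example_reply_nonce', 'nonce' );

	// 2. Treat the ticket id as untrusted input and resolve it server-side.
	$topic_id = isset( $_POST['happy_topic_id'] ) ? absint( wp_unslash( $_POST['happy_topic_id'] ) ) : 0;
	$ticket   = $topic_id ? get_post( $topic_id ) : null;
	if ( ! $ticket || 'example_ticket' !== $ticket->post_type ) {
		wp_send_json_error( array( 'message' => 'Ticket not found.' ), 404 );
	}

	// 3. Authorization: the per-ticket check the advisory describes as missing.
	$user_id = get_current_user_id();
	if ( ! example_user_can_reply( $user_id, $ticket ) ) {
		wp_send_json_error( array( 'message' => 'Not allowed to reply to this ticket.' ), 403 );
	}

	// 4. Only now store the reply, bound to the authenticated user.
	$body = isset( $_POST['reply'] ) ? sanitize_textarea_field( wp_unslash( $_POST['reply'] ) ) : '';
	if ( '' === $body ) {
		wp_send_json_error( array( 'message' => 'Empty reply.' ), 400 );
	}
	$reply_id = wp_insert_comment( array(
		'comment_post_ID' => $ticket->ID,
		'user_id'         => $user_id,
		'comment_content' => $body,
	) );
	wp_send_json_success( array( 'reply_id' => $reply_id ) );
}
```

A `wp_ajax_` hook only guarantees the caller is logged in, which is why a Subscriber can reach such a handler; the nonce and the per-ticket check are separate controls and both are needed.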
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Happy – Helpdesk Support Ticket System