Vulners
Lucene search
CVE-2022-41978
🗓️ 09 Nov 2022 15:46:23Reported by PatchstackType 
cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 59 Views🌐 WEB
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | WordPress Plugin Zoho CRM Lead Magnet 权限许可和访问控制问题漏洞 | 9 Nov 202200:00 | – | cnnvd |
 | CVE-2022-41978 WordPress Zoho CRM Lead Magnet plugin <= 1.7.5.8 - Auth. Arbitrary Options Update vulnerability | 9 Nov 202215:46 | – | cvelist |
 | EUVD-2022-45082 | 3 Oct 202520:07 | – | euvd |
 | CVE-2022-41978 | 9 Nov 202216:15 | – | nvd |
 | WordPress Zoho CRM Lead Magnet plugin <= 1.7.6.1 - Auth. Arbitrary Options Update vulnerability | 27 Oct 202200:00 | – | patchstack |
 | Code injection | 9 Nov 202216:15 | – | prion |
 | PT-2022-26197 · Zoho · Zoho Crm Lead Magnet Plugin | 9 Nov 202200:00 | – | ptsecurity |
 | CVE-2022-41978 WordPress Zoho CRM Lead Magnet plugin <= 1.7.5.8 - Auth. Arbitrary Options Update vulnerability | 9 Nov 202215:46 | – | vulnrichment |
 | Zoho CRM Lead Magnet < 1.7.6.2 - Subscriber+ Arbitrary Options Update | 27 Oct 202200:00 | – | wpexploit |
 | Zoho CRM Lead Magnet < 1.7.6.2 - Subscriber+ Arbitrary Options Update | 27 Oct 202200:00 | – | wpvulndb |
10
Node
[
{
"product": "Zoho CRM Lead Magnet (WordPress plugin)",
"vendor": "Zoho CRM",
"versions": [
{
"lessThanOrEqual": "1.7.5.8",
"status": "affected",
"version": "<= 1.7.5.8",
"versionType": "custom"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| tp_title_key | query param | /wp-admin/admin-ajax.php?action=zcf_save_contact_form_title&nonce=&tp_title_key=blogname&tp_title_val=Changed%20by%20Subscriber | Arbitrary options update via unauthenticated/insufficiently protected AJAX action allowing modification of blog options. | CWE-264 |
| tp_title_val | query param | /wp-admin/admin-ajax.php?action=zcf_save_contact_form_title&nonce=&tp_title_key=blogname&tp_title_val=Changed%20by%20Subscriber | Arbitrary options update via unauthenticated/insufficiently protected AJAX action allowing modification of blog options. | CWE-264 |
| shortcode | query param | /wp-admin/admin-ajax.php?action=mainActionscrmForms&operation=NoFieldOperation&doaction=SaveFormSettings&shortcode=blogname&thirdparty_title=Owned | Arbitrary options update via POST body in AJAX action enabling update of plugin/blog options. | CWE-264 |
| thirdparty_title | query param | /wp-admin/admin-ajax.php?action=mainActionscrmForms&operation=NoFieldOperation&doaction=SaveFormSettings&shortcode=blogname&thirdparty_title=Owned | Arbitrary options update via POST body in AJAX action enabling update of plugin/blog options. | CWE-264 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
28 Apr 2026 16:07Current
6.8Medium risk
Vulners AI Score6.8
CVSS 3.16.5 - 8.8
EPSS0.04502
SSVC