CVE-2026-1890
CVE-2026-1890 concerns the WordPress plugin LeadConnector prior to 3.0.22. The issue is an unauthenticated REST route that lacks proper authorization, allowing unauthenticated callers to invoke the route and overwrite existing data. The CVSS 3.1 base score is 5.3 (Medium), with network attack vec...