CVE-2024-11353

The SMS for Lead Capture Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletemessage function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with Subscriber-level access and...

WordPress plugin SMS for Lead Capture Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress SMS for Lead Capture Forms plugin <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Message Deletion vulnerability discovered by Mika in WordPress Plugin SMS for Lead Capture Forms versions = 1.1.0...

WordPress Wise Agent Lead Capture Forms plugin <= 1.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress Wise Agent Lead Capture Forms plugin versions = 1.0. Solution This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...