61 matches found
CVE-2025-0796 Mortgage Lead Capture System <= 8.2.11 - Cross-Site Request Forgery to Settings Reset
The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.2.11. This is due to missing or incorrect nonce validation on the 'wprequalresetdefaults' action. This makes it possible for unauthenticated attackers to reset...
CVE-2025-0796 Mortgage Lead Capture System <= 8.2.11 - Cross-Site Request Forgery to Settings Reset
The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.2.11. This is due to missing or incorrect nonce validation on the 'wprequalresetdefaults' action. This makes it possible for unauthenticated attackers to reset...
WordPress Mortgage Lead Capture System plugin <= 8.2.11 - Cross-Site Request Forgery to Settings Reset vulnerability
Cross-Site Request Forgery to Settings Reset vulnerability discovered by Dhabaleshwar Das in WordPress Plugin Mortgage Lead Capture System versions = 8.2.11...
WordPress Beacon Lead Magnets and Lead Capture Plugin <= 1.5.7 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Beacon Lead Magnets and Lead Capture versions = 1.5.7...
CVE-2024-11353
The SMS for Lead Capture Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletemessage function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2024-11353
CVE-2024-11353 affects the WordPress plugin SMS for Lead Capture Forms (ClickSend Lead Capture Form). The vulnerability is a missing capability check in the delete_message() function across all versions up to 1.1.0, allowing authenticated attackers with Subscriber+ privileges to perform unauthori...
WordPress plugin SMS for Lead Capture Forms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress SMS for Lead Capture Forms plugin <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Message Deletion vulnerability discovered by Mika in WordPress Plugin SMS for Lead Capture Forms versions = 1.1.0...
Icegram < 2.1.8 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks Create/edit a campaign such as a Black Friday one, check the "Use Opt-in / Subscription / Lead capture form" settings and put...
WordPress Wise Agent Lead Capture Forms plugin <= 1.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress Wise Agent Lead Capture Forms plugin versions = 1.0. Solution This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress vTiger Plugin - Unknown Vulnerability
This plugin is prone to CRM lead capture unspecified vulnerability. Solution Update the plugin...
Lead Capture Page System Multiple Vulnerabilties
Exploit for php platform in category web applications Lead Capture Page System Multiple Vulnerabilties ============================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Contact : email protected , email protected .:. Home : http://www.iphobos.com/blog/ .:. Script :...
Lead Capture Page System 'message' Parameter Cross Site Scripting Vulnerability
Lead Capture Page System is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2012-0932
Cross-site scripting XSS vulnerability in admin/login.php in Lead Capture Page System allows remote attackers to inject arbitrary web script or HTML via the message parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in admin/login.php in Lead Capture Page System allows remote attackers to inject arbitrary web script or HTML via the message parameter...
CVE-2012-0932
Cross-site scripting XSS vulnerability in admin/login.php in Lead Capture Page System allows remote attackers to inject arbitrary web script or HTML via the message parameter...
CVE-2012-0932
CVE-2012-0932 concerns a cross-site scripting (XSS) vulnerability in Lead Capture Page System’s admin/login.php, exploitable via the message parameter. The issue allows remote attackers to inject arbitrary web script or HTML, as documented in multiple sources (NVD, OpenVAS, CVE listings). The rel...
Lead Capture - login.php Script Cross-Site Scripting
Lead Capture - login.php Script Cross-Site Scripting source: https://www.securityfocus.com/bid/51785/info Lead Capture is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script cod...
Lead Capture - 'login.php' Script Cross-Site Scripting
source: https://www.securityfocus.com/bid/51785/info Lead Capture is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the conte...
Lead Capture Page System Authentication Bypass
Lead Capture Page System Authentication Bypass Vulnerability Software : Lead Capture Page System Date : 1/12/2012 Vendor : http://leadcapturepagesystem.com Get App. : http://leadcapturepagesystem.com/order.php?id=1 Price : $235 Dork : intext:"Powered By Lead Capture Page System" Author : ITTIHACK...