Lucene search
K

61 matches found

Vulnrichment
Vulnrichment
added 2025/02/18 4:21 a.m.7 views

CVE-2025-0796 Mortgage Lead Capture System <= 8.2.11 - Cross-Site Request Forgery to Settings Reset

The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.2.11. This is due to missing or incorrect nonce validation on the 'wprequalresetdefaults' action. This makes it possible for unauthenticated attackers to reset...

4.3CVSS7.2AI score0.00184EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/02/18 4:21 a.m.16 views

CVE-2025-0796 Mortgage Lead Capture System <= 8.2.11 - Cross-Site Request Forgery to Settings Reset

The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.2.11. This is due to missing or incorrect nonce validation on the 'wprequalresetdefaults' action. This makes it possible for unauthenticated attackers to reset...

4.3CVSS0.00184EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/02/17 9:51 p.m.5 views

WordPress Mortgage Lead Capture System plugin <= 8.2.11 - Cross-Site Request Forgery to Settings Reset vulnerability

Cross-Site Request Forgery to Settings Reset vulnerability discovered by Dhabaleshwar Das in WordPress Plugin Mortgage Lead Capture System versions = 8.2.11...

4.3CVSS7AI score0.00184EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/01/06 7:49 p.m.4 views

WordPress Beacon Lead Magnets and Lead Capture Plugin <= 1.5.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Beacon Lead Magnets and Lead Capture versions = 1.5.7...

7.1CVSS6.1AI score0.00257EPSS
Exploits0Affected Software1
NVD
NVD
added 2024/12/07 2:15 a.m.14 views

CVE-2024-11353

The SMS for Lead Capture Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletemessage function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS0.00304EPSS
Exploits0References3
CVE
CVE
added 2024/12/07 1:45 a.m.39 views

CVE-2024-11353

CVE-2024-11353 affects the WordPress plugin SMS for Lead Capture Forms (ClickSend Lead Capture Form). The vulnerability is a missing capability check in the delete_message() function across all versions up to 1.1.0, allowing authenticated attackers with Subscriber+ privileges to perform unauthori...

4.3CVSS4.4AI score0.00304EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/12/07 12:0 a.m.6 views

WordPress plugin SMS for Lead Capture Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

4.3CVSS8.2AI score0.00304EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/12/06 1:10 p.m.5 views

WordPress SMS for Lead Capture Forms plugin <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Message Deletion vulnerability discovered by Mika in WordPress Plugin SMS for Lead Capture Forms versions = 1.1.0...

4.3CVSS7AI score0.00304EPSS
Exploits0References1Affected Software1
wpexploit
wpexploit
added 2022/06/01 12:0 a.m.144 views

Icegram < 2.1.8 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks Create/edit a campaign such as a Black Friday one, check the "Use Opt-in / Subscription / Lead capture form" settings and put...

5.4CVSS0.2AI score0.00558EPSS
Exploits2
Patchstack
Patchstack
added 2021/09/09 12:0 a.m.16 views

WordPress Wise Agent Lead Capture Forms plugin <= 1.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress Wise Agent Lead Capture Forms plugin versions = 1.0. Solution This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...

6.1CVSS2.4AI score0.00895EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2015/05/15 12:0 a.m.7 views

WordPress vTiger Plugin - Unknown Vulnerability

This plugin is prone to CRM lead capture unspecified vulnerability. Solution Update the plugin...

3AI score
Exploits0References1Affected Software1
0day.today
0day.today
added 2013/06/14 12:0 a.m.26 views

Lead Capture Page System Multiple Vulnerabilties

Exploit for php platform in category web applications Lead Capture Page System Multiple Vulnerabilties ============================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Contact : email protected , email protected .:. Home : http://www.iphobos.com/blog/ .:. Script :...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2012/02/02 12:0 a.m.23 views

Lead Capture Page System 'message' Parameter Cross Site Scripting Vulnerability

Lead Capture Page System is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS5.8AI score0.01628EPSS
Exploits1References4
NVD
NVD
added 2012/01/29 4:4 a.m.18 views

CVE-2012-0932

Cross-site scripting XSS vulnerability in admin/login.php in Lead Capture Page System allows remote attackers to inject arbitrary web script or HTML via the message parameter...

4.3CVSS5.7AI score0.01628EPSS
Exploits1References4
Prion
Prion
added 2012/01/29 4:4 a.m.18 views

Cross site scripting

Cross-site scripting XSS vulnerability in admin/login.php in Lead Capture Page System allows remote attackers to inject arbitrary web script or HTML via the message parameter...

4.3CVSS6.1AI score0.01628EPSS
Exploits1References4
Cvelist
Cvelist
added 2012/01/29 2:0 a.m.23 views

CVE-2012-0932

Cross-site scripting XSS vulnerability in admin/login.php in Lead Capture Page System allows remote attackers to inject arbitrary web script or HTML via the message parameter...

5.7AI score0.01628EPSS
Exploits1References4
CVE
CVE
added 2012/01/29 2:0 a.m.47 views

CVE-2012-0932

CVE-2012-0932 concerns a cross-site scripting (XSS) vulnerability in Lead Capture Page System’s admin/login.php, exploitable via the message parameter. The issue allows remote attackers to inject arbitrary web script or HTML, as documented in multiple sources (NVD, OpenVAS, CVE listings). The rel...

4.3CVSS5.8AI score0.01628EPSS
Exploits1References4Affected Software1
exploitpack
exploitpack
added 2012/01/21 12:0 a.m.14 views

Lead Capture - login.php Script Cross-Site Scripting

Lead Capture - login.php Script Cross-Site Scripting source: https://www.securityfocus.com/bid/51785/info Lead Capture is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script cod...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2012/01/21 12:0 a.m.21 views

Lead Capture - &#039;login.php&#039; Script Cross-Site Scripting

source: https://www.securityfocus.com/bid/51785/info Lead Capture is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the conte...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2012/01/13 12:0 a.m.28 views

Lead Capture Page System Authentication Bypass

Lead Capture Page System Authentication Bypass Vulnerability Software : Lead Capture Page System Date : 1/12/2012 Vendor : http://leadcapturepagesystem.com Get App. : http://leadcapturepagesystem.com/order.php?id=1 Price : $235 Dork : intext:"Powered By Lead Capture Page System" Author : ITTIHACK...

0.5AI score
Exploits0
Rows per page
Query Builder