21 matches found
EUVD-2020-30791
Malware in sbrugna...
EUVD-2020-3861
Malware in sbrugna...
EUVD-2020-3862
Malware in sbrugna...
CVE-2020-36839
The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.99. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform administrative actions, such as...
CVE-2020-36839
The CVE covers the WordPress plugin WP Lead Plus X, affected through version 0.99. The vulnerability is a Cross-Site Request Forgery due to missing or incorrect nonce validation on several functions, enabling unauthenticated attackers to trigger administrative actions such as adding pages or inje...
WordPress plugin WP Lead Plus X Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
PT-2024-10849 · WordPress · Wp Lead Plus X
Name of the Vulnerable Software and Affected Versions: WP Lead Plus X plugin for WordPress versions up to, and including, 0.99 Description: The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on several functions. This...
WordPress WP Lead Plus X Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WP Lead Plus X is a page builder that supports building login and other pages. A cross-site scripting vulnerability exists i...
WordPress WP Lead Plus X Cross-Site Scripting Vulnerability (CNVD-2020-22307)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WP Lead Plus X is a page builder that supports building login and other pages. A cross-site scripting vulnerability exists i...
CVE-2020-11509
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template admin-post action which will execute in an administrator's browser if the template is used to create a page...
CVE-2020-11509
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template admin-post action which will execute in an administrator's browser if the template is used to create a page...
CVE-2020-11508
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page aka core37_lp_save_page AJAX action...
Cross site scripting
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page aka core37_lp_save_page AJAX action...
CVE-2020-11509
WP Lead Plus X plugin for WordPress is affected by an unauthenticated stored XSS vulnerability up to version 0.98 (also described as through 0.98 with PoC guidance toward 0.99+). The issue arises from the c37_wpl_import_template admin-post action, allowing attackers to upload page templates conta...
CVE-2020-11509
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template admin-post action which will execute in an administrator's browser if the template is used to create a page...
CVE-2020-11508
CVE-2020-11508 affects WordPress WP Lead Plus X plugin up to version 0.98. The vulnerability is an XSS flaw in the page builder caused by an unprotected AJAX action wp_ajax_core37_lp_save_page, allowing a logged-in user with minimal permissions to save or replace pages with arbitrary JavaScript. ...
WordPress WP Lead Plus X plugin <= 0.98 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by WordFence in WordPress WP Lead Plus X plugin versions <= 0.98. Solution: Update the WordPress WP Lead Plus X plugin to the latest available version (at least 0.99)...
WordPress WP Lead Plus X plugin <= 0.99 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by WordFence in WordPress WP Lead Plus X plugin versions <= 0.99. Solution: Patched version not available according to WordFence...
WP Lead Plus X <= 0.99 - Multiple Cross-Site Request Forgery (CSRF)
None of the functions in this plugin use nonce checks, so it is possible for an attacker to perform any action that the plugin is capable of by tricking an administrator into clicking a specially crafted link designed to perform that action. This includes capabilities such as adding new pages,...
WP Lead Plus X < 0.99 - Unauthenticated Stored Cross-Site Scripting (XSS)
One of the features available to users who have paid for a license key for WP Lead Plus X is the ability to create and use "template" pages, which can be imported as a starting point when creating new pages. Although this feature is not visible if the plugin does not have a license key, it was...