VulnCheck KEV: CVE-2026-1890

The LeadConnector WordPress plugin before 3.0.22 does not have authorization in a REST route, allowing unauthenticated users to call it and overwrite existing data...

EUVD-2026-16124

The LeadConnector WordPress plugin before 3.0.22 does not have authorization in a REST route, allowing unauthenticated users to call it and overwrite existing data...

CVE-2026-1890

The LeadConnector WordPress plugin before 3.0.22 does not have authorization in a REST route, allowing unauthenticated users to call it and overwrite existing data...

CVE-2026-1890 LeadConnector < 3.0.22 - Unauthenticated Rest Call

The LeadConnector WordPress plugin before 3.0.22 does not have authorization in a REST route, allowing unauthenticated users to call it and overwrite existing data...

CVE-2026-1890

CVE-2026-1890 concerns the WordPress plugin LeadConnector prior to 3.0.22. The issue is an unauthenticated REST route that lacks proper authorization, allowing unauthenticated callers to invoke the route and overwrite existing data. The CVSS 3.1 base score is 5.3 (Medium), with network attack vec...

PT-2026-28216

The LeadConnector WordPress plugin before 3.0.22 does not have authorization in a REST route, allowing unauthenticated users to call it and overwrite existing data...

CVE-2026-25441

CVE-2026-25441 affects the WordPress LeadConnector plugin up to version 3.0.21, described as a Missing Authorization / Broken Access Control vulnerability due to incorrectly configured access control security levels in LeadConnector. Impact noted as unauthorized access potential; no exploitation ...

CVE-2025-30893 WordPress LeadConnector plugin <= 3.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LeadConnector LeadConnector leadconnector allows DOM-Based XSS.This issue affects LeadConnector: from n/a through = 3.0.2...

WordPress plugin LeadConnector 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin LeadConnector 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress LeadConnector plugin <= 1.7 - Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability discovered by Krzysztof Zając in WordPress Plugin LeadConnector versions = 1.7...

WordPress plugin LeadConnector 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress LeadConnector Plugin <= 1.7 is vulnerable to Broken Access Control

Software LeadConnector Type Plugin Vulnerable versions = 1.7 Fixed in 1.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1371 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2445a52c5c7c Credits Krzysztof Zając Required...

PT-2024-17983 · WordPress · Leadconnector

Name of the Vulnerable Software and Affected Versions: LeadConnector plugin for WordPress versions up to, and including, 1.7 Description: The issue is related to a missing capability check on the lc public api proxy function, which allows unauthenticated attackers to delete arbitrary posts,...