45 matches found
CVE-2026-10835
The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as...
EUVD-2026-39625
The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as...
CVE-2026-10835
The CVE-2026-10835 entry concerns the SALESmanago & Leadoo WordPress plugin, affected versions before 3.11.3. The vulnerability arises from improper sanitisation/escaping of a parameter in an AJAX action before it is used in a SQL statement, coupled with missing authorization enforcement for that...
CVE-2026-10835 SALESmanago & Leadoo < 3.11.3 - Subscriber+ SQL Injection
The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as...
CVE-2026-54822
Subscriber SQL Injection in SALESmanago & Leadoo = 3.11.2 versions...
CVE-2026-54822 WordPress SALESmanago & Leadoo plugin <= 3.11.2 - SQL Injection vulnerability
Subscriber SQL Injection in SALESmanago & Leadoo = 3.11.2 versions...
CVE-2026-54822
Summary: CVE-2026-54822 affects the WordPress plugin case “SALESmanago & Leadoo” (versions up to 3.11.2). The vulnerability is a Subscriber SQL Injection in the plugin’s handling of subscriber data, with the root cause not explicitly detailed beyond the SQL injection label. The CVSS metrics indic...
EUVD-2026-39364
Subscriber SQL Injection in SALESmanago & Leadoo = 3.11.2 versions...
WordPress SALESmanago & Leadoo plugin <= 3.11.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by endy in WordPress Plugin SALESmanago & Leadoo versions = 3.11.2...
CVE-2025-68571
Missing Authorization vulnerability in SALESmanago SALESmanago & Leadoo salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALESmanago & Leadoo: from n/a through = 3.9.0...
EUVD-2025-205264
Missing Authorization vulnerability in SALESmanago SALESmanago salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALESmanago: from n/a through = 3.9.0...
CVE-2025-68571
Missing Authorization vulnerability in SALESmanago SALESmanago & Leadoo salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALESmanago & Leadoo: from n/a through = 3.9.0...
CVE-2025-68571 WordPress SALESmanago plugin <= 3.9.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in SALESmanago SALESmanago & Leadoo salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALESmanago & Leadoo: from n/a through = 3.9.0...
CVE-2025-68571 WordPress SALESmanago plugin <= 3.9.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in SALESmanago SALESmanago & Leadoo salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALESmanago & Leadoo: from n/a through = 3.9.0...
CVE-2025-68571
CVE-2025-68571 : A missing/incorrectly configured authorization risk in SALESmanago & Leadoo (SALESmanago plugin for WordPress) allows access control bypass. Affected: SALESmanago & Leadoo (salesmanago) versions up to 3.9.0 and earlier; CVSS v3.1 base score 5.3 (Medium) with Network attack vector...
WordPress SALESmanago plugin <= 3.9.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin SALESmanago versions = 3.9.0...
WordPress plugin SALESmanago 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-53259
Missing Authorization vulnerability in SALESmanago SALESmanago salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALESmanago: from n/a through = 3.9.0...
EUVD-2025-30643
Malicious code in bioql PyPI...
EUVD-2023-54775
Malicious code in bioql PyPI...