4 matches found
EUVD-2026-39625
The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as...
CVE-2026-54822 WordPress SALESmanago & Leadoo plugin <= 3.11.2 - SQL Injection vulnerability
Subscriber SQL Injection in SALESmanago & Leadoo = 3.11.2 versions...
CVE-2026-54822
Summary: CVE-2026-54822 affects the WordPress plugin case “SALESmanago & Leadoo” (versions up to 3.11.2). The vulnerability is a Subscriber SQL Injection in the plugin’s handling of subscriber data, with the root cause not explicitly detailed beyond the SQL injection label. The CVSS metrics indic...
WordPress SALESmanago & Leadoo plugin <= 3.11.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by endy in WordPress Plugin SALESmanago & Leadoo versions = 3.11.2...