EUVD-2026-22301

A Broken Object-Level Authorization BOLA in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request...

CVE-2025-14428

The All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs - My Sticky Elements plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'mystickyelementsbulks' function in all versions up to, and including, 2.3.3. This...

CVE-2024-7643

A vulnerability was found in SourceCodester Leads Manager Tool 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /endpoint/delete-leads.php of the component Delete Leads Handler. The manipulation of the argument leads leads to sql injection. The atta...

SourceCodester Leads Manager Tool SQL注入漏洞

SourceCodester Leads Manager Tool is a Leads Management Tool from SourceCodester, Inc. A SQL injection vulnerability exists in SourceCodester Leads Manager Tool version 1.0, which originates from a SQL injection vulnerability in the Delete Leads Handler component on the /endpoint/delete-leads.php...

CVE-2024-7643 SourceCodester Leads Manager Tool Delete Leads delete-leads.php sql injection

A vulnerability was found in SourceCodester Leads Manager Tool 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /endpoint/delete-leads.php of the component Delete Leads Handler. The manipulation of the argument leads leads to sql injection. The atta...

CVE-2024-7643

SourceCodester Leads Manager Tool 1.0 contains a SQL injection vulnerability in the Delete Leads Handler, specifically the file /endpoint/delete-leads.php where the leads argument is vulnerable. Exploitation can be remote, and the exploit has been disclosed publicly. Multiple connected sources co...

CVE-2024-7643 SourceCodester Leads Manager Tool Delete Leads delete-leads.php sql injection

A vulnerability was found in SourceCodester Leads Manager Tool 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /endpoint/delete-leads.php of the component Delete Leads Handler. The manipulation of the argument leads leads to sql injection. The atta...

PT-2024-38475 · Sourcecodester · Sourcecodester Leads Manager Tool

Name of the Vulnerable Software and Affected Versions: SourceCodester Leads Manager Tool version 1.0 Description: A critical issue was found in the Delete Leads Handler component, specifically in the file /endpoint/delete-leads.php. The leads argument is vulnerable to SQL injection, which can be...

CVE-2022-0657

The 5 Stars Rating Funnel WordPress Plugin | RRatingg WordPress plugin before 1.2.54 does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the rrtnggdeleteleads AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection...

CVE-2022-0657

The 5 Stars Rating Funnel WordPress Plugin | RRatingg WordPress plugin before 1.2.54 does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the rrtnggdeleteleads AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection...