Lucene search
K

6 matches found

CVE
CVE
added 2025/07/02 2:3 a.m.33 views

CVE-2025-5692

The CVE-2025-5692 entry concerns the WordPress plugin Lead Form Data Collection to CRM (versions up to and including 3.1). It states a missing capability check in multiple functions within LB_admin_ajax.php (notably doFieldAjaxAction), allowing authenticated users with Subscriber-level access and...

6.3CVSS6.9AI score0.00207EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/07/02 12:0 a.m.3 views

PT-2025-27582 · WordPress · Lead Form Data Collection To Crm

Name of the Vulnerable Software and Affected Versions: Lead Form Data Collection to CRM plugin for WordPress versions up to, and including, 3.1 Description: The issue allows unauthorized modification of data, leading to privilege escalation due to a missing capability check on the doFieldAjaxActi...

8.8CVSS7AI score0.00207EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/05/25 1:19 p.m.13 views

CVE-2025-47690

Missing Authorization vulnerability in Smackcoders Inc., Lead Form Data Collection to CRM wp-leads-builder-any-crm allows Privilege Escalation.This issue affects Lead Form Data Collection to CRM: from n/a through = 3.1...

8.8CVSS7.2AI score0.00298EPSS
Exploits0References1
NVD
NVD
added 2025/05/23 1:15 p.m.10 views

CVE-2025-47690

Missing Authorization vulnerability in Smackcoders Inc., Lead Form Data Collection to CRM wp-leads-builder-any-crm allows Privilege Escalation.This issue affects Lead Form Data Collection to CRM: from n/a through = 3.1...

8.8CVSS0.00298EPSS
Exploits0References1
CVE
CVE
added 2025/05/23 12:43 p.m.60 views

CVE-2025-47690

The CVE-2025-47690 entry concerns the WordPress plugin Lead Form Data Collection to CRM. A missing authorization check in the plugin’s AJAX handling (LB_admin_ajax.php) affects all versions up to 3.1, enabling authenticated users with Subscriber-level access and above to perform privileged action...

8.8CVSS7.2AI score0.00298EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/27 10:54 a.m.13 views

CVE-2025-30810 WordPress Lead Form Data Collection to CRM plugin <= 3.0.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Smackcoders Inc., Lead Form Data Collection to CRM wp-leads-builder-any-crm allows Blind SQL Injection.This issue affects Lead Form Data Collection to CRM: from n/a through = 3.0.1...

8.5CVSS0.00412EPSS
Exploits0References1
Rows per page
Query Builder