79 matches found
PT-2025-5208 · Wishfulthemes · Wishfulthemes Email Capture & Lead Generation
Name of the Vulnerable Software and Affected Versions: wishfulthemes Email Capture & Lead Generation versions 1.0.2 and earlier Description: The issue is related to a missing authorization vulnerability in wishfulthemes Email Capture & Lead Generation, which allows exploiting incorrectly configur...
CVE-2024-38790
Cross-Site Request Forgery CSRF vulnerability in Smartsupp Smartsupp – live chat, chatbots, AI and lead generation smartsupp-live-chat allows Cross Site Request Forgery.This issue affects Smartsupp – live chat, chatbots, AI and lead generation: from n/a through = 3.6...
CVE-2024-38790
CVE-2024-38790 is a CSRF vulnerability in the WordPress plugin Smartsupp – live chat, chatbots, AI and lead generation, affecting versions up to 3.6. Root cause: CSRF flaw enabling unauthorized state-changing requests. Impact per provided data: confidentiality and availability remain unaffected; ...
CVE-2024-10580 Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.5 - Missing Authorization to Unauthorized Form Submission
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized form submissions due to a missing capability check on the submitform function in all versions up to, and including, 7.8.5. This makes it possible for unauthenticated attackers to submi...
The Role of Artificial Intelligence in Lead Generation
Unlock how AI transforms lead generation for businesses, from real-time targeting to automated follow-ups. Discover essential tools, tips…...
CVE-2024-9061
The CVE CVE-2024-9061 affects the WordPress plugin WP Popup Builder – Popup Forms and Marketing Lead Generation. It allows unauthenticated users to perform arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to 1.3.5, due to inadequate validation ...
Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation < 2.16.2 - Contributor+ Stored Cross-Site Scripting
Description The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaignid’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and...
PT-2024-30062 · WordPress · Responsive Contact Form Builder & Lead Generation Plugin
Name of the Vulnerable Software and Affected Versions: The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress versions up to, and including, 1.9.1 Description: The issue arises from the software's failure to properly validate a value before executing the do shortcode...
CVE-2024-3637
The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2024-3637 Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Admin+ Stored XSS
The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2024-3637 Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Admin+ Stored XSS
The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2024-3637
CVE-2024-3637 affects the WordPress plugin Lead Form Builder (Responsive Contact Form Builder & Lead Generation) = 1.9.8. If upgrading to a version addressing this issue (e.g., 1.9.8 or later) is available, apply it. Until patched, exposure exists for admin users who can modify settings. Technica...
CVE-2024-1415
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attacker...
CVE-2024-1415
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attacker...
PT-2024-18026 · WordPress · Responsive Contact Form Builder & Lead Generation Plugin
Name of the Vulnerable Software and Affected Versions: The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress versions prior to 1.8.9 Description: The issue allows unauthorized access to functionality due to a missing capability check on several functions. This makes it...
Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup To replicate this vulnerability, follo...
Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Missing Authorization
Description The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on several functions in all versions up to, and including, 1.8.9. This makes it possible for unauthenticated...
CVE-2024-0368
The Hustle plugin for WordPress (wordpress-popup) versions up to and including 7.8.3 contains hardcoded HubSpot credentials in inc/providers/hubspot/hustle-hubspot-api.php (CLIENT_ID, CLIENT_SECRET, HAPIKEY). This root cause enables exposure of HubSpot API keys and potential access to PII via Hub...
PT-2024-18311 · WordPress · Aweber – Free Sign Up Form/Landing Page Builder Plugin For Lead Generation/Email Newsletter Growth
Name of the Vulnerable Software and Affected Versions: AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress versions up to, and including, 7.3.14 Description: The issue allows authenticated attackers with administrator-lev...
CVE-2023-51534
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brave Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content allows Stored XSS.This issue affects Brave – Create Popup, Optins, Lead Generation, Survey, Sticky...