CVE-2022-41978

The CVE-2022-41978 issue affects the WordPress Zoho CRM Lead Magnet plugin, specifically versions up to 1.7.5.8 (and referenced guidance up to 1.7.6.x). The root cause is insufficient authorization and CSRF protections in certain AJAX actions, allowing authenticated users (e.g., subscriber level)...

PT-2022-26197 · Zoho · Zoho Crm Lead Magnet Plugin

Name of the Vulnerable Software and Affected Versions: Zoho CRM Lead Magnet plugin versions = 1.7.5.8 Description: The issue allows authenticated users with subscriber or higher privileges to update arbitrary options. Recommendations: For Zoho CRM Lead Magnet plugin versions = 1.7.5.8, update to ...

CVE-2019-19306

The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName...

CVE-2019-19306

The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName...

PT-2019-15803 · Zoho · Zoho Crm Lead Magnet Plugin

Name of the Vulnerable Software and Affected Versions: Zoho CRM Lead Magnet plugin version 1.6.9.1 Description: The issue allows for XSS attacks. This can be achieved via the module, EditShortcode, or LayoutName. Recommendations: For Zoho CRM Lead Magnet plugin version 1.6.9.1, update to a newer...