757 matches found
CVE-2025-14633
The F70 Lead Document Download plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'filedownload' function in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to download any file from the WordPre...
CVE-2025-14633
CVE-2025-14633 affects the F70 Lead Document Download plugin for WordPress (versions ≤ 1.4.4). A missing capability check in the file_download function allows unauthenticated attackers to download any media-library file by enumerating attachment IDs. Wordfence’s entry for this CVE notes the patch...
WordPress plugin F70 Lead Document Download 安全漏洞
...
WordPress F70 Lead Document Download plugin <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Media File Download vulnerability
Missing Authorization to Unauthenticated Arbitrary Media File Download vulnerability discovered by ChamlaVic in WordPress Plugin F70 Lead Document Download versions = 1.4.4...
16TB of MongoDB Database Exposes 4.3 Billion Lead Gen Records
Cybersecurity researchers discovered an unsecured 16TB database exposing 4.3 billion professional records, including names, emails, and LinkedIn data. Learn what happened, why this massive data leak enables new scams, and how to protect your PII...
CVE-2025-13093
The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/devs-crm/v1/bulk-update' REST-API endpoint in all versions up to, and including, 1.1.8. This makes it possible...
CVE-2025-13093
The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/devs-crm/v1/bulk-update' REST-API endpoint in all versions up to, and including, 1.1.8. This makes it possible...
CVE-2025-13093 Devs CRM – Manage tasks, attendance and teams all together <= 1.1.8 - Missing Authorization to Unauthenticated Lead Tag Update
The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/devs-crm/v1/bulk-update' REST-API endpoint in all versions up to, and including, 1.1.8. This makes it possible...
CVE-2025-13093 Devs CRM – Manage tasks, attendance and teams all together <= 1.1.8 - Missing Authorization to Unauthenticated Lead Tag Update
The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/devs-crm/v1/bulk-update' REST-API endpoint in all versions up to, and including, 1.1.8. This makes it possible...
WordPress Devs CRM – Manage tasks, attendance and teams all together plugin <= 1.1.8 - Missing Authorization to Unauthenticated Lead Tag Update vulnerability
Missing Authorization to Unauthenticated Lead Tag Update vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Devs CRM versions = 1.1.8...
PT-2025-51061
The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/devs-crm/v1/bulk-update' REST-API endpoint in all versions up to, and including, 1.1.8. This makes it possible...
CVE-2025-63049
Missing Authorization vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ListingPro Lead Form: from n/a through = 1.0.7...
CVE-2025-63048
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows DOM-Based XSS.This issue affects ListingPro Lead Form: from n/a through = 1.0.7...
EUVD-2025-201978
Missing Authorization vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ListingPro Lead Form: from n/a through = 1.0.2...
CVE-2025-63049
Missing Authorization vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ListingPro Lead Form: from n/a through = 1.0.7...
CVE-2025-63048
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows DOM-Based XSS.This issue affects ListingPro Lead Form: from n/a through = 1.0.7...
CVE-2025-63049 WordPress ListingPro Lead Form plugin <= 1.0.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ListingPro Lead Form: from n/a through = 1.0.7...
CVE-2025-63049 WordPress ListingPro Lead Form plugin <= 1.0.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ListingPro Lead Form: from n/a through = 1.0.7...
CVE-2025-63048 WordPress ListingPro Lead Form plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows DOM-Based XSS.This issue affects ListingPro Lead Form: from n/a through = 1.0.7...
CVE-2025-63048 WordPress ListingPro Lead Form plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows DOM-Based XSS.This issue affects ListingPro Lead Form: from n/a through = 1.0.7...