Sendmarc appoints Rob Bowker as North American Region Lead

Wilmington, United States, 4th September 2025, CyberNewsWire...

GHSA-9V8P-M85M-F7MM Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add

Summary A Cross-Site Scripting XSS vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...

Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add

Summary A Cross-Site Scripting XSS vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the lead:addLeadTags process. An attacker can execute arbitrary JavaScript in another user's browser session by injecting malicious input into the Tags field, which is reflected in the server's response...

CVE-2025-9823

SummaryA Cross-Site Scripting XSS vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...

CVE-2025-9823

SummaryA Cross-Site Scripting XSS vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...

CVE-2025-9823 Reflected XSS in lead:addLeadTags - Quick Add

SummaryA Cross-Site Scripting XSS vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...

CVE-2025-9823 Reflected XSS in lead:addLeadTags - Quick Add

SummaryA Cross-Site Scripting XSS vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...

CVE-2025-9823

Summary of CVE-2025-9823 (Reflected XSS in lead:addLeadTags) : The vulnerability affects Mautic (open source marketing automation) via the server-side input field “Tags” in the /s/ajax?action=lead:addLeadTags endpoint. The issue arises because user-supplied input is reflected back in the server r...

PT-2025-35773

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: A Cross-Site Scripting XSS vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because...

CVE-2025-8145

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the getleadfields function. This makes it possible for unauthenticated attackers to inject a PHP Object. The addition...

CVE-2025-8145 Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated PHP Object Injection

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the getleadfields function. This makes it possible for unauthenticated attackers to inject a PHP Object. The addition...

CVE-2025-8145 Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated PHP Object Injection

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the getleadfields function. This makes it possible for unauthenticated attackers to inject a PHP Object. The addition...

CVE-2025-8145

CVE-2025-8145 affects the WordPress plugin Redirection for Contact Form 7 (versions up to and including 3.2.4). The vulnerability arises from deserialization of untrusted input in the get_lead_fields function, enabling unauthenticated PHP object injection. The presence of a POP chain in the plugi...

PT-2025-33894

Name of the Vulnerable Software and Affected Versions: Redirection for Contact Form 7 plugin for WordPress versions up to and including 3.2.4 Description: The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input in the ge...

CVE-2025-31425

Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Lead Capturing Pages: from n/a through 2.6...

CVE-2025-7384

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the getleaddetail function. This makes it possible for unauthenticated attackers to inject a P...

CVE-2025-31425

Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Lead Capturing Pages: from n/a through 2.6...

CVE-2025-31425 WordPress WP Lead Capturing Pages plugin < 2.6 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Lead Capturing Pages: from n/a through 2.6...

CVE-2025-31425

CVE-2025-31425 relates to the WordPress plugin “WP Lead Capturing Pages” (versions prior to 2.3). The vulnerability is caused by Missing Authorization stemming from incorrectly configured access control, enabling an attacker to perform Arbitrary Content Deletion. The CVSS v3.1 score is 7.5 (High)...