CVE-2025-31425 WordPress WP Lead Capturing Pages plugin < 2.6 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Lead Capturing Pages: from n/a through 2.6...

PT-2025-33165 · WordPress · Wp Lead Capturing Pages

Name of the Vulnerable Software and Affected Versions: WP Lead Capturing Pages versions prior to 2.3 Description: A missing authorization issue exists in kamleshyadav WP Lead Capturing Pages due to incorrectly configured access control security levels. Recommendations: Update WP Lead Capturing...

WordPress plugin WP Lead Capturing Pages security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2025-7384 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the getleaddetail function. This makes it possible for unauthenticated attackers to inject a P...

CVE-2025-7384 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the getleaddetail function. This makes it possible for unauthenticated attackers to inject a P...

PT-2025-32965

Name of the Vulnerable Software and Affected Versions: Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress versions up to and including 1.4.3 Description: The plugin is susceptible to a PHP Object Injection due to the deserialization of untrusted input within the get lead...

WordPress WP Lead Capturing Pages plugin < 2.6 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin WP Lead Capturing Pages versions 2.6...

WordPress Lead Form Data Collection to CRM plugin elevation of privilege vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress Lead Form Data Collection to CRM plugin, which stems from a missing capability check in the function...

CVE-2025-5692

The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /includes/LBadminajax.php file in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with...

CVE-2025-5692 Lead Form Data Collection to CRM <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Many Actions

The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /includes/LBadminajax.php file in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with...

CVE-2025-5692

The CVE-2025-5692 entry concerns the WordPress plugin Lead Form Data Collection to CRM (versions up to and including 3.1). It states a missing capability check in multiple functions within LB_admin_ajax.php (notably doFieldAjaxAction), allowing authenticated users with Subscriber-level access and...

PT-2025-27582 · WordPress · Lead Form Data Collection To Crm

Name of the Vulnerable Software and Affected Versions: Lead Form Data Collection to CRM plugin for WordPress versions up to, and including, 3.1 Description: The issue allows unauthorized modification of data, leading to privilege escalation due to a missing capability check on the doFieldAjaxActi...

WordPress plugin Lead Form Data Collection to CRM 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress Lead Form Data Collection to CRM plugin, which stems from a missing capability check in the function...

CVE-2025-31424

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through 2.6...

CVE-2025-31424

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through 2.6...

CVE-2025-31424

CVE-2025-31424 describes an unauthenticated SQL Injection in the WordPress plugin WP Lead Capturing Pages (Kamleshyadav) affecting versions up to 2.3. The vulnerability arises from improper neutralization of input elements used in SQL commands, enabling blind SQL injection. The associated CVSS 3....

CVE-2025-31424 WordPress WP Lead Capturing Pages plugin < 2.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through 2.6...

CVE-2025-31424 WordPress WP Lead Capturing Pages plugin < 2.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through 2.6...

WordPress plugin WP Lead Capturing Pages SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVE-2025-47690

Missing Authorization vulnerability in Smackcoders Inc., Lead Form Data Collection to CRM wp-leads-builder-any-crm allows Privilege Escalation.This issue affects Lead Form Data Collection to CRM: from n/a through = 3.1...