Malicious code in lead-marketing-metadata (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 016aee50e66161e661a3081d1f57bce99eac8911deffc17f059b8b1bec74a13e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-23812

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in David Jeffrey Contact Form 7 Round Robin Lead Distribution contact-form-7-round-robin-lead-distribution allows Reflected XSS.This issue affects Contact Form 7 Round Robin Lead Distribution: from n/...

CVE-2025-23784

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Jeffrey Contact Form 7 Round Robin Lead Distribution contact-form-7-round-robin-lead-distribution allows SQL Injection.This issue affects Contact Form 7 Round Robin Lead Distribution: from n/...

CVE-2025-23812 WordPress Contact Form 7 Round Robin Lead Distribution Plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in David Jeffrey Contact Form 7 Round Robin Lead Distribution contact-form-7-round-robin-lead-distribution allows Reflected XSS.This issue affects Contact Form 7 Round Robin Lead Distribution: from n/...

CVE-2025-23812 WordPress Contact Form 7 Round Robin Lead Distribution Plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in David Jeffrey Contact Form 7 Round Robin Lead Distribution contact-form-7-round-robin-lead-distribution allows Reflected XSS.This issue affects Contact Form 7 Round Robin Lead Distribution: from n/...

CVE-2025-23812

CVE-2025-23812 : Reflected Cross-Site Scripting in the NotFound Contact Form 7 Round Robin Lead Distribution plugin. Affected: Contact Form 7 Round Robin Lead Distribution from n/a up to version 1.2.1. CVSS v3.1 base score 7.1 (HIGH). Attack vector: NETWORK; Impact: Confidentiality, Integrity, an...

CVE-2025-23784 WordPress Contact Form 7 Round Robin Lead Distribution Plugin <= 1.2.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Jeffrey Contact Form 7 Round Robin Lead Distribution contact-form-7-round-robin-lead-distribution allows SQL Injection.This issue affects Contact Form 7 Round Robin Lead Distribution: from n/...

WordPress plugin Contact Form 7 Round Robin Lead Distribution SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin Contact Form 7 Round Robin Lead...

WordPress plugin Contact Form 7 Round Robin Lead Distribution 跨站脚本漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin...

CVE-2025-23929

Missing Authorization vulnerability in wishfulthemes Email Capture & Lead Generation email-capture-lead-generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Email Capture & Lead Generation: from n/a through = 1.0.2...

WordPress Email Capture & Lead Generation Plugin <= 1.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata in WordPress Plugin Email Capture & Lead Generation versions = 1.0.2...

WordPress Contact Form 7 Round Robin Lead Distribution Plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Contact Form 7 Round Robin Lead Distribution versions = 1.2.1...

WordPress Contact Form 7 Round Robin Lead Distribution Plugin <= 1.2.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Contact Form 7 Round Robin Lead Distribution versions = 1.2.1...

PT-2025-5208 · Wishfulthemes · Wishfulthemes Email Capture & Lead Generation

Name of the Vulnerable Software and Affected Versions: wishfulthemes Email Capture & Lead Generation versions 1.0.2 and earlier Description: The issue is related to a missing authorization vulnerability in wishfulthemes Email Capture & Lead Generation, which allows exploiting incorrectly configur...

PT-2025-1777 · WordPress · The Coupon X: Discount Pop Up

Name of the Vulnerable Software and Affected Versions: The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress versions up to, and including, 1.3.5 Description: The issue is related to missing capability checks on several functions in the...

WordPress Beacon Lead Magnets and Lead Capture Plugin <= 1.5.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Beacon Lead Magnets and Lead Capture versions = 1.5.7...

CVE-2024-38790

Cross-Site Request Forgery CSRF vulnerability in Smartsupp Smartsupp – live chat, chatbots, AI and lead generation smartsupp-live-chat allows Cross Site Request Forgery.This issue affects Smartsupp – live chat, chatbots, AI and lead generation: from n/a through = 3.6...

CVE-2024-38790

CVE-2024-38790 is a CSRF vulnerability in the WordPress plugin Smartsupp – live chat, chatbots, AI and lead generation, affecting versions up to 3.6. Root cause: CSRF flaw enabling unauthorized state-changing requests. Impact per provided data: confidentiality and availability remain unaffected; ...

CVE-2024-54258

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Anzar Ahmed Ni CRM Lead ni-crm-lead allows SQL Injection.This issue affects Ni CRM Lead: from n/a through = 1.3.0...

CVE-2024-54237

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Anzar Ahmed Ni CRM Lead ni-crm-lead allows Reflected XSS.This issue affects Ni CRM Lead: from n/a through = 1.3.0...