757 matches found
WordPress plugin WP Lead Plus X cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
WordPress Zoho CRM Lead Magnet plugin <= 1.7.9.7 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Trương Hữu Phúc (Patchstack Alliance) in WordPress Plugin Zoho CRM Lead Magnet versions <= 1.7.9.7...
PT-2024-10849 · WordPress · Wp Lead Plus X
Name of the Vulnerable Software and Affected Versions: WP Lead Plus X plugin for WordPress versions up to, and including, 0.99 Description: The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on several functions. This...
CVE-2024-46366
A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead creation process. This can lead to privilege escalation when the payload is executed, granting the...
PT-2024-31970 · Webkul · Webkul Krayin Crm
Name of the Vulnerable Software and Affected Versions: Webkul Krayin CRM version 1.3.0 Description: A Client-side Template Injection (CSTI) vulnerability allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead creation process. This ca...
CVE-2024-46366
Webkul Krayin CRM 1.3.0 is affected by a Client-side Template Injection (CSTI) vulnerability during lead creation, allowing an attacker to inject malicious template code and potentially escalate privileges within the CRM. No exploit details are provided in the available documents. The Red Hat PT ...
WordPress Icegram Collect – Easy Form, Lead Collection and Subscription plugin plugin <= 1.3.14 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Icegram Collect versions <= 1.3.14...
CVE-2024-5283 WP Affiliate Platform < 6.5.1 - Reflected XSS via Lead Editing
The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress Zoho CRM Lead Magnet plugin <= 1.7.8.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Dimas Maulana (Patchstack Alliance) in WordPress Plugin Zoho CRM Lead Magnet versions <= 1.7.8.8...
Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation < 2.16.2 - Contributor+ Stored Cross-Site Scripting
Description The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaignid’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and...
WordPress Responsive Contact Form Builder & Lead Generation Plugin plugin <= 1.9.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability
Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Plugin Contact Form & Lead Form Elementor Builder versions <= 1.9.1...
WordPress Contact Form & Lead Form Elementor Builder Plugin <= 1.9.1 is vulnerable to Content Injection
Software: Contact Form & Lead Form Elementor Builder; Type: Plugin; Vulnerable versions: <= 1.9.1; Fixed in: 1.9.2; OWASP Top 10: A3: Injection; Classification: Content Injection; CVE: CVE-2024-4261; Patch priority: Low; CVSS severity: Low (5.4); PSID: 5d051149eabf; Credits: stealthcopter...
PT-2024-30062 · WordPress · Responsive Contact Form Builder & Lead Generation Plugin
Name of the Vulnerable Software and Affected Versions: The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress versions up to, and including, 1.9.1 Description: The issue arises from the software's failure to properly validate a value before executing the do_shortcode...
WordPress Responsive Contact Form Builder & Lead Generation Plugin plugin < 1.9.8 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Mohamed Azarudheen in WordPress Plugin Contact Form & Lead Form Elementor Builder versions < 1.9.8...
CVE-2024-3637
The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2024-3637 Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Admin+ Stored XSS
The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2024-3637
CVE-2024-3637 affects the WordPress plugin Lead Form Builder (Responsive Contact Form Builder & Lead Generation) = 1.9.8. If upgrading to a version addressing this issue (e.g., 1.9.8 or later) is available, apply it. Until patched, exposure exists for admin users who can modify settings. Technica...
WordPress Contact Form & Lead Form Elementor Builder Plugin <= 1.8.9 is vulnerable to Cross Site Scripting (XSS)
Software: Contact Form & Lead Form Elementor Builder; Type: Plugin; Vulnerable versions: <= 1.8.9; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3637; Patch priority: Low; CVSS severity: Low (5.9); PSID: c8bf001e4e07; Credits...
CVE-2024-1415
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attacker...