757 matches found
CVE-2023-45047
Cross-Site Request Forgery (CSRF) vulnerability in LeadSquared, Inc LeadSquared Suite plugin = 0.7.4 versions...
WordPress Plugin Fast & Effective Popups & Lead-Generation for WordPress - HollerBox Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress plugin Landing Page Builder - Lead Page - Optin Page - Squeeze Page - WordPress Landing Pages Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
WordPress plugin notifyvisitors-lead-form Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress Lead Generated Plugin < 1.25 Object Injection Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:leadgenerated:leadgenerated"; ifdescription...
LinkedIn: HTML injection at Company Name or Product Name and can be shown on Contact Sales form
A vulnerability was discovered that allowed HTML injection into the company name and product name fields on a contact sales form. Attackers could exploit this to conduct phishing attacks or distribute malware. The issue was addressed...
WordPress Pretty Opt In Lite – Content Locker for Lead Generation Plugin <= 1.3.13 is vulnerable to Cross Site Scripting (XSS)
Software Pretty Opt In Lite – Content Locker for Lead Generation Type Plugin Vulnerable versions = 1.3.13 Fixed in 1.3.14 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 550b1e29c12...
WordPress WP Lead Stream Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software WP Lead Stream Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d2971cba9459 Credits Rafie Muhammad Patchstack Required...
WordPress Contact Form & Lead Form Elementor Builder Plugin <= 1.8.4 is vulnerable to Broken Access Control
Software Contact Form & Lead Form Elementor Builder Type Plugin Vulnerable versions = 1.8.4 Fixed in 1.8.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-25969 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 970570cbeaa7 Credits...
WordPress CRM and Lead Management by vcita Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS)
Software CRM and Lead Management by vcita Type Plugin Vulnerable versions = 2.6.2 Fixed in 2.7.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2404 Patch priority Medium CVSS severity Medium 6.4 Developer Claim ownership PSID 13e385882b8d Credits...
WordPress CRM and Lead Management by vcita Plugin <= 2.7.1 is vulnerable to Cross Site Scripting (XSS)
Software CRM and Lead Management by vcita Type Plugin Vulnerable versions = 2.7.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2405 Patch priority Low CVSS severity Low 6.1 Developer Claim ownership PSID b8d44a43844f Credits Jonas...
CVE-2023-2404
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the editpost...
Cross site request forgery (csrf)
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.2. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settin...
Cross site scripting
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the editpost...
CVE-2023-2404 CRM and Lead Management by vcita <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the editpost...
CVE-2023-2404
CVE-2023-2404 is a stored XSS flaw in the WordPress plugin CRM and Lead Management by vcita (versions up to and including 2.6.2). The issue arises from insufficient input sanitization and output escaping in the email parameter, enabling authenticated attackers with the edit_posts capability (e.g....
CVE-2023-2405 CRM and Lead Management by vcita <= 2.7.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.0. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settin...
CVE-2023-2405
The CVE-2023-2405 entry describes a CSRF vulnerability in the WordPress plugin CRM and Lead Management by vcita up to version 2.6.2 due to missing nonce validation in vcita-callback.php, enabling unauthenticated attackers to modify settings and inject malicious JavaScript via forged requests if ...
WordPress plugin CRM and Lead Management by vcita Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress plugin CRM and Lead Management by vcita Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...