CRM and Lead Management by vcita <= 2.7.1 - Settings Update Via CSRF
The plugin does not protect its settings page against CSRF attacks, allowing an unauthenticated attacker to inject arbitrary web scripts by tricking a user with the contributor role or higher into clicking a link.
CRM and Lead Management by vcita < 2.7.0 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitize and escape the email and uid parameters in the plugin settings before rendering it on the page, which could allow users with roles as low as contributor to inject arbitrary web scripts targeting high privilege users such as administrators...
CRM and Lead Management by vcita < 2.7.0 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitize and escape the email and uid parameters in the plugin settings before rendering it on the page, which could allow users with roles as low as contributor to inject arbitrary web scripts targeting high privilege users such as administrators. PoC...
Information disclosure
The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's...
PT-2023-17903 · WordPress · Fast & Effective Popups & Lead-Generation
Name of the Vulnerable Software and Affected Versions: Fast & Effective Popups & Lead-Generation for WordPress plugin versions prior to 2.1.4. Description: The issue concerns the concatenation of user input into an SQL query without proper escaping in the plugin's report API endpoint. This could...
WordPress plugin Fast & Effective Popups & Lead-Generation SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A SQL injection vulnerability in the WordPress plug...
Privilege Escalation Vulnerability Patched Promptly in WP Data Access WordPress Plugin
On April 5, 2023 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in WP Data Access, a WordPress plugin that is installed on over 10,000 sites. This flaw makes it possible for an authenticated attacker to grant themselves...
CVE-2022-38077
Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions...
CVE-2022-38077
Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions...
Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions...
CVE-2022-38077 WordPress Popup Anything Plugin <= 2.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions...
CVE-2022-38077
CVE-2022-38077 is a CSRF vulnerability affecting the WP OnlineSupport / Popup Anything plugin for WordPress, in versions ≤ 2.2.1. The issue permits unauthorized cross-site requests that can be executed by an attacker due to unauthenticated access requirements. A fix has been released: upgrade to ...
CVE-2023-28667
The Lead Generated WordPress Plugin, version = 1.23, was affected by an unauthenticated insecure deserialization issue. The tvelabels parameter of the tveapiformsubmit action is passed to the PHP unserialize function without being sanitized or verified, and as a result could lead to PHP object...
CVE-2023-28667
CVE-2023-28667 centers on the Lead Generated WordPress Plugin (version
WordPress Plugin Lead Generated Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Icegram Collect – Easy Form, Lead Collection and Subscription plugin Plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)
Software: Icegram Collect – Easy Form, Lead Collection and Subscription plugin; Type: Plugin; Vulnerable versions: <= 1.3.8; Fixed in: 1.3.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25024; Patch priority: Low; CVSS severity: Low (5.9); Developer Claim...
Lead Management System SQL Injection Vulnerability (CNVD-2023-05745)
Lead management system is a lead management system developed by Mayuri K. The Lead Management System v1.0 version is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements in the id parameter of removeProduct.php, which could be used by attackers to...
Lead Management System SQL Injection Vulnerability (CNVD-2023-05741)
Lead management system is a lead management system developed by Mayuri K. A SQL injection vulnerability exists in Lead Management System v1.0, which stems from the lack of validation of external input SQL statements in the id parameter of removeBrand.php, and can be exploited by attackers to The...
Lead Management System SQL Injection Vulnerability (CNVD-2023-05744)
Lead management system is a lead management system developed by Mayuri K. A SQL injection vulnerability exists in Lead Management System v1.0, which stems from the lack of validation of external input SQL statements in the id parameter of removeOrder.php, and can be exploited by attackers to The...
Lead Management System SQL Injection Vulnerability (CNVD-2023-05742)
Lead Management System is a lead management system by Mayuri K., an individual developer. A SQL injection vulnerability exists in Lead Management System v1.0, which stems from the lack of validation of externally entered SQL statements in the id parameter of removeCategories.php. An attacker could use th...