757 matches found
CVE-2020-11508
CVE-2020-11508 affects WordPress WP Lead Plus X plugin up to version 0.98. The vulnerability is an XSS flaw in the page builder caused by an unprotected AJAX action wp_ajax_core37_lp_save_page, allowing a logged-in user with minimal permissions to save or replace pages with arbitrary JavaScript. ...
WP Lead Plus X <= 0.99 - Multiple Cross-Site Request Forgery (CSRF)
None of the functions in this plugin use nonce checks, so it is possible for an attacker to perform any action that the plugin is capable of by tricking an administrator into clicking a specially crafted link designed to perform that action. This includes capabilities such as adding new pages,...
WP Lead Plus X < 0.99 - Unauthenticated Stored Cross-Site Scripting (XSS)
One of the features available to users who have paid for a license key for WP Lead Plus X is the ability to create and use "template" pages, which can be imported as a starting point when creating new pages. Although this feature is not visible if the plugin does not have a license key, it was...
WordPress WP Lead Plus X plugin <= 0.98 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by WordFence in WordPress WP Lead Plus X plugin versions <= 0.98. Solution: Update the WordPress WP Lead Plus X plugin to the latest available version (at least 0.99)...
PT-2020-12656 · WordPress · Wp Lead Plus X
Name of the Vulnerable Software and Affected Versions: WP Lead Plus X plugin versions through 0.98. Description: The issue allows remote attackers to upload page templates containing arbitrary JavaScript via the "c37 wpl import template" admin-post action. This JavaScript will execute in an...
WordPress WP Lead Plus X plugin <= 0.99 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by WordFence in WordPress WP Lead Plus X plugin versions <= 0.99. Solution: Patched version not available according to WordFence...
RiskAssessmentFramework - Static Application Security Testing
The OWASP Risk Assessment Framework consists of static application security testing and risk assessment tools. Even though there are many SAST tools available for testers, the compatibility and the environment setup process is complex. By using OWASP Risk Assessment Framework's Static...
WordPress Zoho CRM Lead Magnet Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Zoho CRM Lead Magnet is a plug-in that creates web forms. A cross-site scripting vulnerability exists in WordPress Zoho CRM Lead Magnet...
CVE-2019-19306
The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName...
Design/Logic Flaw
The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName...
CVE-2019-19306
The CVE-2019-19306 entry concerns the Zoho CRM Lead Magnet WordPress plugin version 1.6.9.1, where an XSS vulnerability exists in functions exposed by the module, EditShortcode, or LayoutName. The root cause is insufficient input/data validation, enabling injection of scripts. Impact is client-si...
PT-2019-15803 · Zoho · Zoho Crm Lead Magnet Plugin
Name of the Vulnerable Software and Affected Versions: Zoho CRM Lead Magnet plugin version 1.6.9.1. Description: The issue allows for XSS attacks. This can be achieved via the module, EditShortcode, or LayoutName. Recommendations: For Zoho CRM Lead Magnet plugin version 1.6.9.1, update to a newer...
Data-Enriched Profiles on 1.2B People Exposed in Gigantic Leak
An open Elasticsearch server has exposed the rich profiles of more than 1.2 billion people to the open internet. First found on October 16 by researchers Bob Diachenko and Vinny Troia, the database contains more than 4 terabytes of data. It consists of scraped information from social media source...
LEAD Technologies LEADTOOLS Numeric Error Vulnerability
LEAD Technologies LEADTOOLS is an image processing development kit from LEAD Technologies. A numeric error vulnerability exists in the CMP parsing function in LEAD Technologies LEADTOOLS. The vulnerability can be exploited to execute code via specially crafted CMP image files...
WordPress Zoho CRM Lead Magnet plugin <=1.6.9.1 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting (XSS) vulnerability found by Saran Baskar in WordPress Zoho CRM Lead Magnet plugin <=1.6.9.1. Solution: This plugin has been closed as of October 15, 2019 and is not available for download. This closure is temporary, pending a full review...
Zoho CRM Lead Magnet Plugin - Authenticated Cross Site Scripting (XSS)
The version affected was version 1.6.9.1. The plugin was removed from the WordPress plugin directory on October 15th 2019...
EVABS - Extremely Vulnerable Android Labs
An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners. The effort is to introduce beginners with very limited or zero knowledge to some of the major and commonly found real-world based Android application...
CVE-2017-6216
novaksolutions/infusionsoft-php-sdk v2016-10-31 is vulnerable to a reflected XSS in leadscoring.php, resulting in code execution...