CVE-2026-25233

PEAR framework (PHP) is affected by a logic bug in the roadmap role check that allowed non-lead maintainers to create, update, or delete roadmaps. The issue is caused by an operator precedence/authorization flaw and has been patched in version 1.33.0. Red Hat/Ubuntu/NVD references describe the sa...

CVE-2026-25233 PEAR Has a Roadmap Authorization Bypass via Operator Precedence Bug

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0...

CVE-2026-25233 PEAR Has a Roadmap Authorization Bypass via Operator Precedence Bug

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0...

EUVD-2026-5202

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0...

WordPress WP Affiliate Platform plugin < 6.5.1 - Reflected XSS via Lead Editing vulnerability

Reflected XSS via Lead Editing vulnerability discovered by Bob Matyas in WordPress Plugin Affiliate Manager versions 6.5.1...

CVE-2026-24595

Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho CRM Lead Magnet: from n/a through = 1.8.1.9...

CVE-2025-49050

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through = 2.5...

CVE-2025-49055

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through = 2.5...

CVE-2025-68046

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Retrieve Embedded Sensitive Data.This issue affects Contact Form & Lead Form Elementor Builder: from n/a through = 2.0.1...

CVE-2026-24595

Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho CRM Lead Magnet: from n/a through = 1.8.1.9...

CVE-2026-24595

Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho CRM Lead Magnet: from n/a through = 1.8.1.5...

CVE-2026-24595 WordPress Zoho CRM Lead Magnet plugin <= 1.8.1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho CRM Lead Magnet: from n/a through = 1.8.1.9...

CVE-2026-24595

CVE-2026-24595 concerns the WordPress plugin Zoho CRM Lead Magnet (zoho-crm-forms). The initial description notes a Missing Authorization vulnerability allowing exploitation of incorrectly configured access control security levels, affecting Zoho CRM Lead Magnet versions from n/a through 1.8.1.5....

CVE-2026-24595 WordPress Zoho CRM Lead Magnet plugin <= 1.8.1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho CRM Lead Magnet: from n/a through = 1.8.1.9...

WordPress plugin Zoho CRM Lead Magnet has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-4430

Name of the Vulnerable Software and Affected Versions Zoho CRM Lead Magnet versions through 1.8.1.5 Description An authorization issue exists in Zoho CRM Lead Magnet zoho-crm-forms, allowing exploitation of incorrectly configured access control security levels. Recommendations Update Zoho CRM Lea...

CVE-2025-68046

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Retrieve Embedded Sensitive Data.This issue affects Contact Form & Lead Form Elementor Builder: from n/a through = 2.0.1...

CVE-2025-49050

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through = 2.5...

CVE-2025-49055

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through = 2.5...

CVE-2025-68046 WordPress Contact Form & Lead Form Elementor Builder plugin <= 2.0.1 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Retrieve Embedded Sensitive Data.This issue affects Contact Form & Lead Form Elementor Builder: from n/a through = 2.0.1...