VulnCheck KEV: CVE-2026-1890

The LeadConnector WordPress plugin before 3.0.22 does not have authorization in a REST route, allowing unauthenticated users to call it and overwrite existing data...

EUVD-2026-16124

The LeadConnector WordPress plugin before 3.0.22 does not have authorization in a REST route, allowing unauthenticated users to call it and overwrite existing data...

CVE-2026-1890 LeadConnector < 3.0.22 - Unauthenticated Rest Call

The LeadConnector WordPress plugin before 3.0.22 does not have authorization in a REST route, allowing unauthenticated users to call it and overwrite existing data...

CVE-2026-1890

The LeadConnector WordPress plugin before 3.0.22 does not have authorization in a REST route, allowing unauthenticated users to call it and overwrite existing data...

CVE-2026-1890

The LeadConnector WordPress plugin is affected by CVE-2026-1890: versions before 3.0.22 expose an unauthenticated REST route that allows an attacker to call the route and overwrite existing data. This constitutes a lack of authorization on the vulnerable endpoint. The vulnerability is fixed in ve...

PT-2026-28216

The LeadConnector WordPress plugin before 3.0.22 does not have authorization in a REST route, allowing unauthenticated users to call it and overwrite existing data...

CVE-2026-25441

CVE-2026-25441 affects the WordPress LeadConnector plugin up to version 3.0.21, described as a Missing Authorization / Broken Access Control vulnerability due to incorrectly configured access control security levels in LeadConnector. Impact noted as unauthorized access potential; no exploitation ...

CVE-2025-30893 WordPress LeadConnector plugin <= 3.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LeadConnector LeadConnector leadconnector allows DOM-Based XSS.This issue affects LeadConnector: from n/a through = 3.0.2...

WordPress plugin LeadConnector 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin LeadConnector 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress LeadConnector plugin <= 1.7 - Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability discovered by Krzysztof Zając in WordPress Plugin LeadConnector versions = 1.7...

WordPress plugin LeadConnector 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress LeadConnector Plugin <= 1.7 is vulnerable to Broken Access Control

Software LeadConnector Type Plugin Vulnerable versions = 1.7 Fixed in 1.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1371 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2445a52c5c7c Credits Krzysztof Zając Required...

PT-2024-17983 · WordPress · Leadconnector

Name of the Vulnerable Software and Affected Versions: LeadConnector plugin for WordPress versions up to, and including, 1.7 Description: The issue is related to a missing capability check on the lc public api proxy function, which allows unauthenticated attackers to delete arbitrary posts,...