9 matches found
CVE-2026-10835
The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as...
EUVD-2026-39625
The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as...
CVE-2026-10835 SALESmanago & Leadoo < 3.11.3 - Subscriber+ SQL Injection
The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as...
CVE-2026-10835
The CVE-2026-10835 entry concerns the SALESmanago & Leadoo WordPress plugin, affected versions before 3.11.3. The vulnerability arises from improper sanitisation/escaping of a parameter in an AJAX action before it is used in a SQL statement, coupled with missing authorization enforcement for that...
CVE-2026-54822
Subscriber SQL Injection in SALESmanago & Leadoo = 3.11.2 versions...
CVE-2026-54822 WordPress SALESmanago & Leadoo plugin <= 3.11.2 - SQL Injection vulnerability
Subscriber SQL Injection in SALESmanago & Leadoo = 3.11.2 versions...
EUVD-2026-39364
Subscriber SQL Injection in SALESmanago & Leadoo = 3.11.2 versions...
CVE-2026-54822
Summary: CVE-2026-54822 affects the WordPress plugin case “SALESmanago & Leadoo” (versions up to 3.11.2). The vulnerability is a Subscriber SQL Injection in the plugin’s handling of subscriber data, with the root cause not explicitly detailed beyond the SQL injection label. The CVSS metrics indic...
WordPress SALESmanago & Leadoo plugin <= 3.11.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by endy in WordPress Plugin SALESmanago & Leadoo versions = 3.11.2...