Lucene search
+L

9 matches found

nvd
nvd
added 2026/06/26 7:16 a.m.11 views

CVE-2026-10835

The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as...

7.7CVSS0.00215EPSS
Exploits0References1
euvd
euvd
added 2026/06/26 6:0 a.m.11 views

EUVD-2026-39625

The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as...

7.7CVSS5.8AI score0.00215EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/26 6:0 a.m.42 views

CVE-2026-10835 SALESmanago & Leadoo < 3.11.3 - Subscriber+ SQL Injection

The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as...

0.00215EPSS
Exploits0References1
cve
cve
added 2026/06/26 6:0 a.m.17 views

CVE-2026-10835

The CVE-2026-10835 entry concerns the SALESmanago & Leadoo WordPress plugin, affected versions before 3.11.3. The vulnerability arises from improper sanitisation/escaping of a parameter in an AJAX action before it is used in a SQL statement, coupled with missing authorization enforcement for that...

7.7CVSS5.8AI score0.00215EPSS
Exploits0References1
nvd
nvd
added 2026/06/25 2:16 p.m.5 views

CVE-2026-54822

Subscriber SQL Injection in SALESmanago & Leadoo = 3.11.2 versions...

8.5CVSS0.0027EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/25 1:12 p.m.33 views

CVE-2026-54822 WordPress SALESmanago & Leadoo plugin <= 3.11.2 - SQL Injection vulnerability

Subscriber SQL Injection in SALESmanago & Leadoo = 3.11.2 versions...

8.5CVSS0.0027EPSS
Exploits0References1
euvd
euvd
added 2026/06/25 1:12 p.m.10 views

EUVD-2026-39364

Subscriber SQL Injection in SALESmanago & Leadoo = 3.11.2 versions...

8.5CVSS5.9AI score0.0027EPSS
Exploits0References1
cve
cve
added 2026/06/25 1:12 p.m.20 views

CVE-2026-54822

Summary: CVE-2026-54822 affects the WordPress plugin case “SALESmanago & Leadoo” (versions up to 3.11.2). The vulnerability is a Subscriber SQL Injection in the plugin’s handling of subscriber data, with the root cause not explicitly detailed beyond the SQL injection label. The CVSS metrics indic...

8.5CVSS5.9AI score0.0027EPSS
Exploits0References1
patchstack
patchstack
added 2026/06/17 1:7 p.m.11 views

WordPress SALESmanago & Leadoo plugin <= 3.11.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by endy in WordPress Plugin SALESmanago & Leadoo versions = 3.11.2...

8.5CVSS6AI score0.0027EPSS
Exploits0Affected Software1
Rows per page
Query Builder