21 matches found
How to Deploy Veeam Backup for Salesforce External Client App
Purpose This article documents how to create an External Client App ECA in Salesforce to integrate with Veeam Backup for Salesforce via Salesforce API. An ECA with proper permissions is required for Veeam Backup for Salesforce to integrate with Salesforce API using the OAuth 2.0 protocol. Solutio...
CVE-2026-25650
MCP Salesforce Connector is a Model Context Protocol MCP server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of Salesforce auth token. This vulnerability is fixed in 0.1.10...
3loc (>=0.1.0 <=0.4.0), 3scale (>=0.2.0 <=0.6.2) +657 more potentially affected by CVE-2025-25341 via libxmljs (>=0.10.0 <=1.0.9)
libxmljs NPM version =0.10.0, =0.1.0, =0.2.0, =0.3.2, =0.0.1, =4.0.1, =1.10.4, =1.8.1, =1.5.8, =1.5.1, =1.8.3, =0.1.0, =1.0.1, =1.2.0 and more Source cves: CVE-2025-25341 Source advisory: SNYK:JS-LIBXMLJS-14723210...
CVE-2025-67468
Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Salesforce and Contact Form 7,...
CVE-2025-67468
Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Salesforce and Contact Form 7,...
CVE-2025-67468 WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Salesforce and Contact Form 7,...
CVE-2025-67468
CVE-2025-67468 affects WordPress: the WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin (cf7-salesforce) with versions up to and including 1.4.6. The issue is a Missing Authorization / Broken Access Control vulnerability allowing exploitat...
WordPress plugin Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a suite of blogging platforms developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security...
EUVD-2025-16458
Malicious code in bioql PyPI...
CVE-2025-30953
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks WP Gravity Forms Salesforce gf-salesforce-crmperks allows Phishing.This issue affects WP Gravity Forms Salesforce: from n/a through = 1.4.7...
CVE-2025-30953
CVE-2025-30953 is an Open Redirect vulnerability in the WordPress plugin WP Gravity Forms Salesforce (also listed as gf-salesforce-crmperks). The entry states impact on versions from unspecified (n/a) up to 1.4.7 and notes the issue enables phishing via URL redirection. The connected Red Hat entr...
CVE-2025-4659
The CVE-2025-4659 entry concerns the WordPress plugin integrating Salesforce with Contact Form 7, WPForms, Elementor, Formidable, and Ninja Forms. It exposes a Full Path Disclosure vulnerability in all versions up to and including 1.4.4, enabling unauthenticated attackers to retrieve the web appl...
CVE-2025-4659 Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.4 - Unauthenticated Full Path Disclosure
The Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to retrieve the full path of the web...
CVE-2025-4659 Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.4 - Unauthenticated Full Path Disclosure
The Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to retrieve the full path of the web...
CVE-2023-37982
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3...
CVE-2025-47455
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks Integration for WooCommerce and Salesforce woo-salesforce-plugin-crm-perks allows Phishing.This issue affects Integration for WooCommerce and Salesforce: from n/a through = 1.7.5...
WordPress WordPress-to-candidate for Salesforce CRM plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin WordPress-to-candidate for Salesforce CRM versions = 1.0.1...
CVE-2019-5486
A authentication bypass vulnerability exists in GitLab CE/EE v12.3.2, v12.2.6, and v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements...
CVE-2019-5486
A authentication bypass vulnerability exists in GitLab CE/EE v12.3.2, v12.2.6, and v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements...
GitLab: Bypass Email Verification using Salesforce -- Reproducible in gitlab.com
Summary The salesforce login integration allows attacker to bypass email verification -- user is able to signup with any email domain they want, effectively bypass all email domain whitelist/blacklist restriction or any other 3rd party using gitlab instance's email address. It is possible because...