13 matches found
CVE-2026-2418
CVE-2026-2418 — Normal : The Login with Salesforce WordPress plugin (versions up to 1.0.2) does not validate that a Salesforce-authenticated user is authorized to log in, allowing an unauthenticated user to be authenticated as any user by guessing the email. This creates an authentication bypass ...
CVE-2026-2418 Login with Salesforce <= 1.0.2 - Unauthenticated Authentication Bypass
The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user such as admin by simply knowing the email...
PT-2026-23220
The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user such as admin by simply knowing the email...
CVE-2025-60180 WordPress WP Gravity Forms Salesforce plugin <= 1.5.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Salesforce gf-salesforce-crmperks allows Object Injection.This issue affects WP Gravity Forms Salesforce: from n/a through = 1.5.1...
CVE-2025-60180
CVE-2025-60180 concerns a deserialization of untrusted data vulnerability in the WordPress plugin WP Gravity Forms Salesforce gf-salesforce-crmperks . The issue affects WP Gravity Forms Salesforce versions up to 1.5.1 and is described as PHP Object Injection caused by deserializing untrusted inpu...
CVE-2025-60180 WordPress WP Gravity Forms Salesforce plugin <= 1.5.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Salesforce gf-salesforce-crmperks allows Object Injection.This issue affects WP Gravity Forms Salesforce: from n/a through = 1.5.1...
WordPress To Lead For Salesforce Plugin <= 2.7.3.9 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin To Lead For Salesforce versions = 2.7.3.9...
WordPress Integration for Contact Form 7 and Salesforce plugin <= 1.4.4 - Unauthenticated Full Path Disclosure vulnerability
Unauthenticated Full Path Disclosure vulnerability discovered by far00t01 in WordPress Plugin Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms versions = 1.4.4...
WordPress Integration for WooCommerce and Salesforce plugin <= 1.7.5 - Open Redirection Vulnerability
Open Redirection Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Integration for WooCommerce and Salesforce versions = 1.7.5...
WordPress plugin WordPress-to-candidate for Salesforce CRM 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin Integration for Contact Form 7 and Salesforce 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
org.jenkins-ci.plugins:salesforce-migration-assistant-plugin (=2.2.0) potentially affected by CVE-2018-1000142 via org.jenkins-ci.plugins:ghprb (=1.31.4)
org.jenkins-ci.plugins:ghprb MAVEN version =1.31.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ghprb and may be impacted: - org.jenkins-ci.plugins:salesforce-migration-assistant-plugin =2.2.0 Source cves: CVE-2018-1000142...
WordPress To Lead For Salesforce Plugin <= 1.0.1 - Cross Site Scripting
This plugin is prone to salesforce.php salesforceformshortcode Function Error Message H&ling cross site scripting vulnerability. Solution Update the plugin...