PT-2020-12655 · WordPress · Wp Lead Plus X
Name of the Vulnerable Software and Affected Versions: WP Lead Plus X plugin versions through 0.98 Description: The issue allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the "wp ajax core37 lp save page"...