19 matches found
CVE-2025-62106
Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-CRM System: from n/a through <= 3.4.5...
WordPress WP-CRM System plugin unauthorized access vulnerability
The WordPress WP-CRM System plugin is a Customer Relationship Management (CRM) tool for WordPress websites that allows users to manage customer data, tasks and projects directly from the WordPress backend. The WordPress WP-CRM System plugin suffers from an unauthorized access vulnerability tha...
CVE-2025-14854 WP-CRM System – Manage Clients and Projects <= 3.4.5 - Missing Authorization to Authenticated (Subscriber+) CRM Data Exposure and Task Modification
The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the wpcrmgetemailrecipients and wpcrmsystemajaxtaskchangestatus AJAX functions in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers, with...
CVE-2025-62740
Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-CRM System: from n/a through <= 3.4.6...
EUVD-2025-202020
Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-CRM System: from n/a through <= 3.4.5...
WordPress plugin WP-CRM System code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists in...
CVE-2024-55991 WordPress CRM Plugin – WP-CRM System plugin <= 3.2.9.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-CRM System: from n/a through <= 3.2.9.1...
PT-2024-36645 · Unknown · Wp-Crm System
Name of the Vulnerable Software and Affected Versions: WP-CRM System versions 3.2.9.1 and earlier. Description: A Missing Authorization issue in WP-CRM System allows users to exploit incorrectly configured access control security levels. This enables unauthorized access to the system...
WordPress CRM Plugin – WP-CRM System plugin <= 3.2.9.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin WP-CRM System versions <= 3.2.9.1...
WordPress CRM 2go Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: CRM 2go; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-52350; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: bed4faec08ba; Credits: SOPROBRO; Required privilege: Contributor; Published ...
WordPress CRM Perks Forms Plugin <= 1.1.3 is vulnerable to Arbitrary File Upload
Software: CRM Perks Forms; Type: Plugin; Vulnerable versions: <= 1.1.3; Fixed in: 1.1.4; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-7484; Patch priority: Low; CVSS severity: Low 9.1; Developer: Claim ownership; PSID: c7c64ee12633; Credits: István Márton; Required privilege...
WordPress CRM Perks Forms Plugin <= 1.1.5 is vulnerable to Broken Access Control
Software: CRM Perks Forms; Type: Plugin; Vulnerable versions: <= 1.1.5; Fixed in: 1.1.6; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37463; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 16266b67c664; Credits: Manab Jyoti Dowarah; Required...
WordPress Plugin WordPress CRM Plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin WordPress CRM Plugin A...
PT-2024-23362 · Unknown · Wp-Crm System
Name of the Vulnerable Software and Affected Versions: WP-CRM System versions 3.2.9 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that an attacker can inject...
WordPress CRM Perks Forms Plugin <= 1.1.4 is vulnerable to SQL Injection
Software: CRM Perks Forms; Type: Plugin; Vulnerable versions: <= 1.1.4; Fixed in: 1.1.5; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-30499; Patch priority: Low; CVSS severity: Low 8.5; Developer: Claim ownership; PSID: 70d39ae38da2; Credits: LVT-tholv2k; Required privilege: Contributor...
WordPress CRM Perks Forms Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)
Software: CRM Perks Forms; Type: Plugin; Vulnerable versions: <= 1.1.4; Fixed in: 1.1.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-30446; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 7cd056009948; Credits: LVT-tholv2k; Required privilege...
WordPress CRM Perks Forms Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)
Software: CRM Perks Forms; Type: Plugin; Vulnerable versions: <= 1.1.2; Fixed in: 1.1.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-51536; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: e48c62e620dc; Credits: Huynh Tien Si; Required privilege...
WordPress CRM Perks Forms Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: CRM Perks Forms; Type: Plugin; Vulnerable versions: <= 1.1.1; Fixed in: 1.1.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2836; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 82373127ce0e; Credits: Unknown; Required privile...
WordPress CRM Memberships Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)
Software: CRM Memberships; Type: Plugin; Vulnerable versions: <= 2.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-27427; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 152ce6558832; Credits: Pavitra Tiwari; Required...