13 matches found
EUVD-2020-3862
Malware in sbrugna...
EUVD-2020-30791
Malware in sbrugna...
EUVD-2020-3861
Malware in sbrugna...
CVE-2020-36839
The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.99. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform administrative actions, such as...
CVE-2020-36839
The CVE covers the WordPress plugin WP Lead Plus X, affected through version 0.99. The vulnerability is a Cross-Site Request Forgery due to missing or incorrect nonce validation on several functions, enabling unauthenticated attackers to trigger administrative actions such as adding pages or inje...
WordPress WP Lead Plus X Cross-Site Scripting Vulnerability (CNVD-2020-22307)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.WP Lead Plus X is a page builder that supports building login and other pages. A cross-site scripting vulnerability exists i...
CVE-2020-11509
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37wplimporttemplate admin-post action which will execute in an administrator's browser if the template is used to create a page...
CVE-2020-11508
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wpajaxcore37lpsavepage aka core37lpsavepage AJAX action...
Cross site scripting
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wpajaxcore37lpsavepage aka core37lpsavepage AJAX action...
CVE-2020-11509
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37wplimporttemplate admin-post action which will execute in an administrator's browser if the template is used to create a page...
CVE-2020-11509
WP Lead Plus X plugin for WordPress is affected by an unauthenticated stored XSS vulnerability up to version 0.98 (also described as through 0.98 with PoC guidance toward 0.99+). The issue arises from the c37_wpl_import_template admin-post action, allowing attackers to upload page templates conta...
CVE-2020-11508
CVE-2020-11508 affects WordPress WP Lead Plus X plugin up to version 0.98. The vulnerability is an XSS flaw in the page builder caused by an unprotected AJAX action wp_ajax_core37_lp_save_page, allowing a logged-in user with minimal permissions to save or replace pages with arbitrary JavaScript. ...
WP Lead Plus X < 0.99 - Unauthenticated Stored Cross-Site Scripting (XSS)
One of the features available to users who have paid for a license key for WP Lead Plus X is the ability to create and use "template" pages, which can be imported as a starting point when creating new pages. Although this feature is not visible if the plugin does not have a license key, it was...