Lucene search
Ramuel GallWPVDB-ID:F40BD1B0-3640-4C4E-AFB3-D433B48B2393HistoryApr 07, 2020 - 12:00 a.m.
WP Lead Plus X <= 0.99 - Multiple Cross-Site Request Forgery (CSRF)
2020-04-0700:00:00
Ramuel Gall
wpscan.com
5
None of the functions in this plugin use nonce checks, so it is possible for an attacker to perform any action that the plugin is capable of by tricking an administrator into clicking a specially crafted link designed to perform that action. This includes capabilities such as adding new pages, replacing existing pages, and inserting malicious JavaScript.
| CPE | Name | Operator | Version |
|---|---|---|---|
| free-sales-funnel-squeeze-pages-landing-page-builder-templates-make | eq | * |