VYPR
Medium severity5.3NVD Advisory· Published Mar 26, 2026· Updated Apr 15, 2026

CVE-2026-1890

CVE-2026-1890

Description

The LeadConnector WordPress plugin before 3.0.22 does not have authorization in a REST route, allowing unauthenticated users to call it and overwrite existing data

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Patches

Vulnerability mechanics

References

1

News mentions

1