VYPR

WP Lead Plus X

by WordPress

CVEs (3)

  • CVE-2020-36839HigOct 16, 2024
    risk 0.54cvss 8.3epss 0.00

    The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.99. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform administrative…

  • CVE-2020-11509MedApr 7, 2020
    risk 0.40cvss 6.1epss 0.02

    An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template admin-post action (which will execute in an administrator's browser if the template is…

  • CVE-2020-11508MedApr 7, 2020
    risk 0.35cvss 5.4epss 0.01

    An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page (aka core37_lp_save_page)…