VYPR

CRM And Lead Management By Vcita

by Vcita

CVEs (5)

  • CVE-2023-2404MedJun 3, 2023
    risk 0.42cvss 6.4epss 0.01

    The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers…

  • CVE-2025-5240MedJul 22, 2025
    risk 0.35cvss 6.4epss 0.00

    The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2023-2405MedJun 3, 2023
    risk 0.33cvss 6.1epss 0.00

    The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.0. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify…

  • CVE-2024-13703MedMar 13, 2025
    risk 0.21cvss 4.3epss 0.00

    The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae() function in all versions up to, and including, 2.7.5. This makes it possible for authenticated attackers,…

  • CVE-2024-13702Mar 26, 2025
    risk 0.00cvss epss 0.00

    The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vCitaMeetingScheduler' and 'vCitaSchedulingCalendar' shortcodes in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output…