VYPR

CRM And Lead Management By Vcita

by WordPress

CVEs (3)

  • CVE-2023-2405MedJun 3, 2023
    risk 0.33cvss 6.1epss 0.00

    The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.0. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify…

  • CVE-2024-13703MedMar 13, 2025
    risk 0.21cvss 4.3epss 0.00

    The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae() function in all versions up to, and including, 2.7.5. This makes it possible for authenticated attackers,…

  • CVE-2024-13702Mar 26, 2025
    risk 0.00cvss epss 0.00

    The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vCitaMeetingScheduler' and 'vCitaSchedulingCalendar' shortcodes in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output…