Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Wp_lead_plus_x
(Wpleadplus)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 2 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-04-07 | CVE-2020-11509 | An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template admin-post action (which will execute in an administrator's browser if the template is used to create a page). | Wp_lead_plus_x | N/A | ||
| 2020-04-07 | CVE-2020-11508 | An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page (aka core37_lp_save_page) AJAX action. | Wp_lead_plus_x | N/A |