exploitDog

GHSA-58xj-43wp-5wf8

Опубликовано: 14 дек. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 5.3

Описание

The HelloLeads CRM Form Shortcode WordPress plugin through 1.0 does not have authorisation and CSRF check when resetting its settings, allowing unauthenticated users to reset them

The HelloLeads CRM Form Shortcode WordPress plugin through 1.0 does not have authorisation and CSRF check when resetting its settings, allowing unauthenticated users to reset them

Ссылки

EPSS

Процентиль: 9%

0.00033

Низкий

5.3 Medium

CVSS3

CVE ID

Связанные уязвимости

CVE-2025-12696

CVSS3: 5.3

nvd

около 2 месяцев назад

The HelloLeads CRM Form Shortcode WordPress plugin through 1.0 does not have authorisation and CSRF check when resetting its settings, allowing unauthenticated users to reset them

EPSS

Процентиль: 9%

0.00033

Низкий

5.3 Medium

CVSS3

CVE ID