CVE-2025-5240
- EPSS 0.06%
- Veröffentlicht 22.07.2025 01:44:27
- Zuletzt bearbeitet 15.04.2026 00:35:42
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it poss...
CVE-2024-13702
- EPSS 0.07%
- Veröffentlicht 26.03.2025 08:21:52
- Zuletzt bearbeitet 05.06.2025 14:26:11
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vCitaMeetingScheduler' and 'vCitaSchedulingCalendar' shortcodes in all versions up to, and including, 2.7.4 due to insufficient i...
CVE-2024-13703
- EPSS 0.11%
- Veröffentlicht 13.03.2025 02:15:11
- Zuletzt bearbeitet 08.04.2026 18:20:13
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae() function in all versions up to, and including, 2.7.5. This makes it possible ...
CVE-2023-2404
- EPSS 0.13%
- Veröffentlicht 03.06.2023 05:15:09
- Zuletzt bearbeitet 08.04.2026 19:18:14
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possibl...
CVE-2023-2405
- EPSS 0.08%
- Veröffentlicht 03.06.2023 05:15:09
- Zuletzt bearbeitet 08.04.2026 17:16:55
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.0. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthen...