CVE-2025-5240
- EPSS 0.03%
- Veröffentlicht 22.07.2025 01:44:27
- Zuletzt bearbeitet 22.07.2025 13:05:40
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it poss...
CVE-2024-13702
- EPSS 0.05%
- Veröffentlicht 26.03.2025 08:21:52
- Zuletzt bearbeitet 05.06.2025 14:26:11
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vCitaMeetingScheduler' and 'vCitaSchedulingCalendar' shortcodes in all versions up to, and including, 2.7.4 due to insufficient i...
CVE-2024-13703
- EPSS 0.07%
- Veröffentlicht 13.03.2025 02:15:11
- Zuletzt bearbeitet 26.05.2025 02:16:41
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae() function in all versions up to, and including, 2.7.1. This makes it possible ...
CVE-2023-2404
- EPSS 0.1%
- Veröffentlicht 03.06.2023 05:15:09
- Zuletzt bearbeitet 21.11.2024 07:58:32
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possibl...
CVE-2023-2405
- EPSS 0.06%
- Veröffentlicht 03.06.2023 05:15:09
- Zuletzt bearbeitet 21.11.2024 07:58:33
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.2. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthen...