CVE-2025-68571
- EPSS 0.06%
- Published 24.12.2025 13:10:37
- Last modified 15.04.2026 00:35:42
Missing Authorization vulnerability in SALESmanago SALESmanago & Leadoo salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SALESmanago & Leadoo: from n/a through <= 3.9.0.
CVE-2025-57970
- EPSS 0.01%
- Published 22.09.2025 18:24:37
- Last modified 15.04.2026 00:35:42
Cross-Site Request Forgery (CSRF) vulnerability in SALESmanago SALESmanago & Leadoo salesmanago allows Cross Site Request Forgery. This issue affects SALESmanago & Leadoo: from n/a through <= 3.8.1.
CVE-2025-57971
- EPSS 0.02%
- Published 22.09.2025 18:24:36
- Last modified 15.04.2026 00:35:42
Missing Authorization vulnerability in SALESmanago SALESmanago & Leadoo salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SALESmanago & Leadoo: from n/a through <= 3.8.1.
CVE-2023-4939
- EPSS 0.25%
- Published 21.10.2023 08:15:08
- Last modified 08.04.2026 19:18:40
The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. This is due to the use of a weak authentication token for the /wp-json/salesmanago/v1/callbackApiV3 API endpoint which is simply a SHA1 hash ...