CVE-2025-68571
- EPSS 0.06%
- Veröffentlicht 24.12.2025 13:10:37
- Zuletzt bearbeitet 20.01.2026 15:19:47
Missing Authorization vulnerability in SALESmanago SALESmanago salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALESmanago: from n/a through <= 3.9.0.
CVE-2025-57970
- EPSS 0.02%
- Veröffentlicht 22.09.2025 18:24:37
- Zuletzt bearbeitet 04.10.2025 04:16:24
Cross-Site Request Forgery (CSRF) vulnerability in SALESmanago SALESmanago & Leadoo allows Cross Site Request Forgery.This issue affects SALESmanago & Leadoo: from n/a through 3.8.1.
CVE-2025-57971
- EPSS 0.04%
- Veröffentlicht 22.09.2025 18:24:36
- Zuletzt bearbeitet 04.10.2025 04:16:24
Missing Authorization vulnerability in SALESmanago SALESmanago & Leadoo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALESmanago & Leadoo: from n/a through 3.8.1.
CVE-2023-4939
- EPSS 0.25%
- Veröffentlicht 21.10.2023 08:15:08
- Zuletzt bearbeitet 21.11.2024 08:36:18
The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. This is due to the use of a weak authentication token for the /wp-json/salesmanago/v1/callbackApiV3 API endpoint which is simply a SHA1 hash ...