cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forleadconnector leadconnector

Direction: ascending
Jun 06, 2024

LeadConnector # CVE-2024-1371

CVE, Research URL

CVE-2024-1371

Home page URL

Security reports for LeadConnector

Application

LeadConnector

Date
Apr 30, 2024
Research Description
The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lc_public_api_proxy() function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts.
Affected versions
max 1.8.
Status
vulnerable

LeadConnector # CVE-2024-34378

CVE, Research URL

CVE-2024-34378

Home page URL

Security reports for LeadConnector

Application

LeadConnector

Date
May 07, 2024
Research Description
Missing Authorization vulnerability in LeadConnector.This issue affects LeadConnector: from n/a through 1.7.
Affected versions
max 1.8.
Status
vulnerable
Apr 02, 2025

LeadConnector # CVE-2025-30893

CVE, Research URL

CVE-2025-30893

Home page URL

Security reports for LeadConnector

Application

LeadConnector

Date
Mar 27, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LeadConnector LeadConnector allows DOM-Based XSS. This issue affects LeadConnector: from n/a through 3.0.2.
Affected versions
max 3.0.3.
Status
vulnerable
Feb 27, 2026

LeadConnector # CVE-2026-25441

CVE, Research URL

CVE-2026-25441

Home page URL

Security reports for LeadConnector

Application

LeadConnector

Date
Feb 19, 2026
Research Description
Missing Authorization vulnerability in LeadConnector LeadConnector leadconnector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LeadConnector: from n/a through <= 3.0.21.
Affected versions
max 3.0.21.
Status
vulnerable