Vulnerabilities and security researches forleadconnector leadconnector

Feb 27, 2026

CVE, Research URL: CVE-2026-25441
Home page URL: Security reports for LeadConnector
Application: LeadConnector
Date: Feb 19, 2026
Research Description: Missing Authorization vulnerability in LeadConnector LeadConnector leadconnector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LeadConnector: from n/a through <= 3.0.21.
Affected versions: max 3.0.21.
Status: vulnerable

Apr 02, 2025

CVE, Research URL: CVE-2025-30893
Home page URL: Security reports for LeadConnector
Application: LeadConnector
Date: Mar 27, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LeadConnector LeadConnector allows DOM-Based XSS. This issue affects LeadConnector: from n/a through 3.0.2.
Affected versions: max 3.0.3.
Status: vulnerable

Jun 06, 2024

CVE, Research URL: CVE-2024-1371
Home page URL: Security reports for LeadConnector
Application: LeadConnector
Date: Apr 30, 2024
Research Description: The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lc_public_api_proxy() function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts.
Affected versions: max 1.8.
Status: vulnerable

CVE, Research URL: CVE-2024-34378
Home page URL: Security reports for LeadConnector
Application: LeadConnector
Date: May 07, 2024
Research Description: Missing Authorization vulnerability in LeadConnector.This issue affects LeadConnector: from n/a through 1.7.
Affected versions: max 1.8.
Status: vulnerable