cleantalk
Vulnerabilities and Security Researches

LeadConnector, CVE-2026-1890

CVE, Research URL

CVE-2026-1890

Home page URL

Security reports for LeadConnector

Application

LeadConnector

Published on
Mar 26, 2026
Research Description
The LeadConnector WordPress plugin before 3.0.22 does not have authorization in a REST route, allowing unauthenticated users to call it and overwrite existing data
Affected versions
max 3.0.22.
Status
vulnerable
Previous vulnerability researches
Conditional Menus (CVE-2023-2654) , Jun 07, 2024
Conditional Menus (CVE-2026-1032) , Apr 14, 2026
New vulnerability
Photo Gallery by 10Web – Mobile-Friendly Image Gallery (CVE-2026-1036) , Apr 15, 2026
Secure Copy Content Protection and Content Locking (CVE-2026-1320) , Apr 15, 2026
Secure Copy Content Protection and Content Locking (CVE-2026-2367) , Apr 15, 2026
Post Grid, Post Carousel, & List Category Posts – by Smart Post Show (CVE-2026-3017) , Apr 15, 2026
Japanized For WooCommerce (CVE-2026-1305) , Apr 15, 2026