cleantalk
Vulnerabilities and Security Researches

CRM and Lead Management by vcita, CVE-2024-13703

CVE, Research URL

CVE-2024-13703

Home page URL

Security reports for CRM and Lead Management by vcita

Application

CRM and Lead Management by vcita

Published on
Mar 13, 2025
Research Description
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae() function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable and disable plugin widgets.
Affected versions
Min -, max 2.7.1.
Status
vulnerable
Previous vulnerability researches
Health Check & Troubleshooting (0d7812488161d299639070e64cb97bd1b407ca30) , Jun 06, 2024
Health Check & Troubleshooting (CVE-2022-47161) , Jun 06, 2024
Health Check & Troubleshooting , Dec 05, 2024
New vulnerability
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2025-1620) , Mar 14, 2025
Hide My WP Ghost – Security Plugin (CVE-2025-2056) , Mar 14, 2025
Business Directory Plugin – Easy Listing Directories for WordPress (CVE-2024-13887) , Mar 14, 2025
AppPresser – Mobile App Framework (CVE-2025-1561) , Mar 14, 2025
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2025-1119) , Mar 14, 2025