LeadConnector, CVE-2026-1890
- CVE, Research URL
- Home page URL
- Application
- Published on
- Mar 26, 2026
- Research Description
- The LeadConnector WordPress plugin before 3.0.22 does not have authorization in a REST route, allowing unauthenticated users to call it and overwrite existing data
- Affected versions
-
max 3.0.22.
- Status
-
vulnerable
| Previous vulnerability researches |
|---|
| Hello Bar (CVE-2026-39666) , Apr 14, 2026 |