cleantalk
Vulnerabilities and Security Researches

WP AVCL Automation Helper (formerly WPFlyLeads), CVE-2025-46531

CVE, Research URL

CVE-2025-46531

Home page URL

Security reports for WP AVCL Automation Helper (formerly WPFlyLeads)

Application

WP AVCL Automation Helper (formerly WPFlyLeads)

Published on
Apr 24, 2025
Research Description
Server-Side Request Forgery (SSRF) vulnerability in Ankur Vishwakarma WP AVCL Automation Helper (formerly WPFlyLeads) allows Server Side Request Forgery. This issue affects WP AVCL Automation Helper (formerly WPFlyLeads): from n/a through 3.4.
Affected versions
Min -, max 3.4.
Status
vulnerable
Previous vulnerability researches
Linked Variation for WooCommerce (CVE-2024-48047) , Oct 18, 2024
New vulnerability
Control Listings – Classifieds Ads Directory Portal Manager (CVE-2025-46234) , Apr 26, 2025
WordPress Tooltip (CVE-2025-46532) , Apr 26, 2025
Business Contact Widget (CVE-2025-46529) , Apr 26, 2025
Drop Caps (CVE-2025-46495) , Apr 26, 2025
WpZon – Amazon Affiliate Plugin (CVE-2025-46506) , Apr 26, 2025