cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2020-36839,https://securityvulnerability.io/vulnerability/CVE-2020-36839,Lead Plus X plugin vulnerable to Cross-Site Request Forgery,"The WP Lead Plus X plugin for WordPress features a Cross-Site Request Forgery vulnerability, primarily present in versions up to 0.99. This vulnerability arises from inadequate nonce validation across various functions, enabling potential attackers to exploit the flaw. By deceiving an authorized site administrator into clicking a malicious link, attackers can perform unauthorized administrative actions, including injecting harmful JavaScript or modifying site content without consent.",Wordpress,WordPress Landing Page – Squeeze Page – Responsive Landing Page Builder Free – WP Lead Plus X,8.3,HIGH,0.0005099999834783375,false,,false,false,false,,false,false,2024-10-16T06:43:45.081Z,0
CVE-2020-11509,https://securityvulnerability.io/vulnerability/CVE-2020-11509,,An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template admin-post action (which will execute in an administrator's browser if the template is used to create a page).,Wordpress,WP Lead Plus X,6.1,MEDIUM,0.0019399999873712659,false,,false,false,false,,false,false,2020-04-07T18:48:43.000Z,0
CVE-2020-11508,https://securityvulnerability.io/vulnerability/CVE-2020-11508,,An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page (aka core37_lp_save_page) AJAX action.,Wordpress,WP Lead Plus X,5.4,MEDIUM,0.0007399999885819852,false,,false,false,false,,false,false,2020-04-07T18:44:49.000Z,0