GHSA-mprc-69fc-33c7HighCVSS 7.7

The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a...

Published
June 26, 2026
Last Modified
June 26, 2026

🔗 CVE IDs covered (1)

📋 Description

The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as subscribers, to perform SQL injection attacks.

🔗 References (3)