We’re taking on a small number of new builds and rebuilds this quarter. Book a call to see if your project is a fit.

CVE CVE-2025-12696

CVE-2025-12696

WordPress

Severity: MEDIUM
CVSS: 5.3CVSS
Published: 2025-12-14
Last modified: 2025-12-15
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

The HelloLeads CRM Form Shortcode WordPress plugin through 1.0 does not have authorisation and CSRF check when resetting its settings, allowing unauthenticated users to reset them

References

https://wpscan.com/vulnerability/e552dfc8-c6e1-4605-bc36-30dc4066eaea/

Summary

Description

References