ГлавнаяУязвимости → CVE-2026-10835
7.7высокая

CVE-2026-10835

Описание

The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as subscribers, to perform SQL injection attacks.

CVSS
Балл7.7 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Источники
https://wpscan.com/vulnerability/3c7b37ab-b069-4257-82b2-5b4c54f7e503/