Zoho CRM Lead Magnet Plugin - Authenticated Cross Site Scripting (XSS)



Description
The version affected was version 1.6.9.1

The plugin was removed from the WordPress plugin directory on October 15th 2019.

Affects Plugin

fixed in version 1.6.9.2

References

CVE 2019-19306
URL https://github.com/cybersecurityworks/Disclosed/issues/16

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Saran Baskar from Cyber Security Works Research Lab
Views 4028
Verified No
WPVDB ID 9919

Timeline

Publicly Published 2019-10-15 (3 months ago)
Added 2019-10-17 (3 months ago)
Last Updated 2019-11-28 (about 2 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin