The LeadSnap plugin for WordPress has a security issue in versions up to and including 1.23. Unauthenticated attackers can send untrusted input in a certain AJAX action, which can be used to inject a malicious PHP Object. This could potentially allow the attacker to delete files, access sensitive data, or execute code on the system, depending on what else is installed.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
