Cross-Site Scripting Vulnerability in Saleswonder.biz Team WP2LEADS Plugin
CVE-2024-56065

7.1HIGH

Key Information:

Vendor: WordPress
Status: WP2leads
Vendor: CVE Published:; 13 January 2025

What is CVE-2024-56065?

The WP2LEADS plugin by Saleswonder.biz is susceptible to a Cross-Site Scripting (XSS) vulnerability. This security flaw arises from improper input neutralization during web page generation, allowing attackers to inject malicious scripts that can be executed in the context of a victim's browser. This reflected XSS issue affects all versions up to 3.4.2, posing a risk to users by potentially enabling data theft, session hijacking, and other malicious activities.

Affected Version(s)

WP2LEADS <= 3.4.2

References

https://patchstack.com/database/wordpress/plugin/wp2leads...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 13, 2025
Vulnerability Reserved
Dec 14, 2024

Credit

LVT-tholv2k (Patchstack Alliance)