Cross-Site Scripting Vulnerability in Saleswonder Team WP2LEADS Plugin
CVE-2025-30827
7.1HIGH
What is CVE-2025-30827?
A Cross-Site Scripting (XSS) vulnerability has been identified in the Saleswonder Team WP2LEADS plugin, allowing an attacker to inject malicious scripts into web pages displayed to users. This vulnerability occurs due to improper neutralization of user input during web page generation, potentially leading to reflected XSS attacks. Versions from n/a through 3.4.5 of WP2LEADS are affected, posing significant risks to web application integrity and user data.
Affected Version(s)
WP2LEADS 0 <= 3.4.5