| CVE-2025-30863 | WordPress Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability | CRM Perks | Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms | Medium | 4.3 | 2025-03-27 10:55:33 | Deep Dive |
| CVE-2025-30810 | WordPress Lead Form Data Collection to CRM plugin <= 3.0.1 - SQL Injection vulnerability | Smackcoders Inc. | Lead Form Data Collection to CRM | High | 8.5 | 2025-03-27 10:54:59 | Deep Dive |
| CVE-2024-13702 | CRM and Lead Management by vcita <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | vcita | CRM and Lead Management by vcita | Medium | 6.4 | 2025-03-26 08:21:52 | Deep Dive |
| CVE-2025-2186 | Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.1 - Unauthenticated SQL Injection via 'automationId' | amans2k | FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce | High | 7.5 | 2025-03-22 12:42:12 | Deep Dive |
| CVE-2024-13703 | CRM and Lead Management by vcita <= 2.7.5 - Missing Authorization to Authenticated (Subscriber+) Widget Toggle | vcita | CRM and Lead Management by vcita | Medium | 4.3 | 2025-03-13 01:45:28 | Deep Dive |
| CVE-2025-27430 | Server Side Request Forgery (SSRF) in SAP CRM and SAP S/4 HANA (Interaction Center) | SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) | Low | 3.5 | 2025-03-11 00:37:25 | Deep Dive |
| CVE-2024-12146 | SQLi in Finder Fire Safety's Finder ERP/CRM (New System) | Finder Fire Safety | Finder ERP/CRM (New System) | High | 7.5 | 2025-03-06 14:08:34 | Deep Dive |
| CVE-2024-12144 | SQLi in Finder Fire Safety's Finder ERP/CRM (Old System) | Finder Fire Safety | Finder ERP/CRM (Old System) | Critical | 9.8 | 2025-03-06 14:05:09 | Deep Dive |
| CVE-2025-23575 | WordPress DX Sales CRM plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability | DevriX | DX Sales CRM | High | 7.1 | 2025-03-03 13:30:13 | Deep Dive |
| CVE-2025-1618 | vTiger CRM index.php cross site scripting | vTiger | CRM | Medium | 4.3 | 2025-02-24 04:31:04 | Deep Dive |
| CVE-2024-13405 | Apptivo Business Site CRM <= 5.3 - Cross-Site Request Forgery to IP Address Block | apptivo | Apptivo Business Site | Medium | 4.3 | 2025-02-19 07:32:15 | Deep Dive |
| CVE-2025-1360 | Internet Web Solutions Sublime CRM HTTP POST Request inicio.php cross site scripting | Internet Web Solutions | Sublime CRM | Low | 3.5 | 2025-02-16 20:31:03 | Deep Dive |
| CVE-2025-24558 | WordPress CRM Perks plugin <= 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability | CRM Perks | CRM Perks | High | 7.1 | 2025-02-14 12:44:34 | Deep Dive |
| CVE-2025-23657 | WordPress WordPress-to-candidate for Salesforce CRM plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability | RusAlex | WordPress-to-candidate for Salesforce CRM | High | 7.1 | 2025-02-14 12:44:31 | Deep Dive |
| CVE-2024-10591 | MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics <= 1.5.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update | makewebbetter | MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics | High | 8.8 | 2025-01-30 13:42:09 | Deep Dive |
| CVE-2025-24708 | WordPress WP Dynamics CRM plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability | CRM Perks | WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms | High | 7.1 | 2025-01-27 14:22:18 | Deep Dive |
| CVE-2025-0463 | Shanghai Lingdang Information Technology Lingdang CRM index.php unrestricted upload | Shanghai Lingdang Information Technology | Lingdang CRM | Medium | 6.3 | 2025-01-14 17:00:15 | Deep Dive |
| CVE-2025-0462 | Shanghai Lingdang Information Technology Lingdang CRM index.php sql injection | Shanghai Lingdang Information Technology | Lingdang CRM | Medium | 6.3 | 2025-01-14 16:31:05 | Deep Dive |
| CVE-2025-0461 | Shanghai Lingdang Information Technology Lingdang CRM index.php path traversal | Shanghai Lingdang Information Technology | Lingdang CRM | Medium | 4.3 | 2025-01-14 16:00:20 | Deep Dive |
| CVE-2025-0394 | Groundhogg <= 3.7.3.5 - Authenticated (Author+) Arbitrary File Upload via gh_big_file_upload Function | trainingbusinesspros | Groundhogg — CRM, Newsletters, and Marketing Automation | High | 8.8 | 2025-01-14 08:23:14 | Deep Dive |