| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2024-56027 | WordPress Leads CRM plugin <= 2.0.13 - Reflected Cross Site Scripting (XSS) vulnerability | bizswoop | Leads CRM | High | 7.1 | 2025-01-02 09:23:59 |
| CVE-2024-55991 | WordPress CRM Plugin – WP-CRM System plugin <= 3.2.9.1 - Broken Access Control vulnerability | Mario Peshev | WP-CRM System | Medium | 6.5 | 2024-12-31 12:51:02 |
| CVE-2024-13001 | PHPGurukul Small CRM index.php sql injection | PHPGurukul | Small CRM | Medium | 6.3 | 2024-12-29 03:00:13 |
| CVE-2024-13000 | PHPGurukul Small CRM quote-details.php sql injection | PHPGurukul | Small CRM | Medium | 6.3 | 2024-12-29 02:31:05 |
| CVE-2024-12999 | PHPGurukul Small CRM edit-user.php sql injection | PHPGurukul | Small CRM | Medium | 6.3 | 2024-12-29 02:00:15 |
| CVE-2024-12259 | CRM WordPress Plugin – RepairBuddy <= 3.8120 - Missing Authorization to Account Takeover/Privilege Escalation | sweetdaisy86 | RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress | High | 8.8 | 2024-12-18 03:22:06 |
| CVE-2024-12443 | CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | crmperks | CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout | Medium | 6.4 | 2024-12-16 22:24:38 |
| CVE-2024-54258 | WordPress Ni CRM Lead plugin <= 1.3.0 - SQL Injection vulnerability | Anzar Ahmed | Ni CRM Lead | High | 8.5 | 2024-12-13 14:24:41 |
| CVE-2024-54237 | WordPress Ni CRM Lead plugin <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability | Anzar Ahmed | Ni CRM Lead | High | 7.1 | 2024-12-13 14:24:31 |
| CVE-2024-52446 | WordPress Buying Buddy IDX CRM plugin <= 1.2.8 - CSRF to PHP Object Injection vulnerability | Buying Buddy | Buying Buddy IDX CRM | High | 8.8 | 2024-11-20 11:10:09 |
| CVE-2024-51891 | WordPress Official SalesWizard CRM Plugin plugin <= 1.0.3 - Stored Cross Site Scripting (XSS) vulnerability | SalesWizard.pl | Official SalesWizard CRM Plugin | Medium | 6.5 | 2024-11-19 16:31:13 |
| CVE-2024-11123 | 上海灵当信息科技有限公司 Lingdang CRM pdf.php path traversal | 上海灵当信息科技有限公司 | Lingdang CRM | Medium | 4.3 | 2024-11-12 13:00:14 |
| CVE-2024-11122 | 上海灵当信息科技有限公司 Lingdang CRM index.php unrestricted upload | 上海灵当信息科技有限公司 | Lingdang CRM | Medium | 6.3 | 2024-11-12 12:31:19 |
| CVE-2024-11121 | 上海灵当信息科技有限公司 Lingdang CRM index.php sql injection | 上海灵当信息科技有限公司 | Lingdang CRM | Medium | 6.3 | 2024-11-12 12:31:09 |
| CVE-2024-52350 | WordPress CRM 2go plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | nrmendez | CRM 2go | Medium | 6.5 | 2024-11-11 06:43:04 |
| CVE-2024-37463 | WordPress CRM Perks Forms plugin <= 1.1.5 - Broken Access Control vulnerability | CRM Perks | CRM Perks Forms | Medium | 5.3 | 2024-11-01 14:18:19 |
| CVE-2024-49297 | WordPress Zoho CRM Lead Magnet plugin <= 1.7.9.7 - SQL Injection vulnerability | zohocrm | Zoho CRM Lead Magnet | High | 8.5 | 2024-10-17 17:29:58 |
| CVE-2024-49235 | WordPress Contact Forms, Live Support, CRM, Video Messages plugin <= 1.10.2 - Sensitive Data Exposure vulnerability | videowhisper | Contact Forms, Live Support, CRM, Video Messages | - | - | 2024-10-17 17:24:18 |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 |
| CVE-2024-47769 | IDURAR has a Path Traversal (unauthenticated user can read sensitive data) | idurar | idurar-erp-crm | High | 7.5 | 2024-10-04 14:45:41 |