Security Advisory

CVE-2026-1890

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-26 06:00:09

Last updated 2026-03-26 13:33:43

Assigner WPScan

State PUBLISHED

Description

The LeadConnector WordPress plugin before 3.0.22 does not have authorization in a REST route, allowing unauthenticated users to call it and overwrite existing data

← Browse all CVEs View on cve.org ↗