CVE-2025-12696 - CERT CVE

  1. CVE-2025-12696

ID CVE-2025-12696
Sažetak The HelloLeads CRM Form Shortcode WordPress plugin through 1.0 does not have authorisation and CSRF check when resetting its settings, allowing unauthenticated users to reset them
Reference
CVSS
Base: 5.3
Impact: 1.4
Exploitability:3.9
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
NONE LOW NONE
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Zadnje važnije ažuriranje 15-12-2025 - 18:22
Objavljeno 14-12-2025 - 06:15