CyberRota

CVE-2026-10835

HIGH · CVSS 7.7 · EPSS 0.21%

Source: NVD + CISA KEV + EPSS · Published: 2026-06-26T07:16:22.120 · Retrieved: 2026-06-30T18:34:54.669307+00:00

CyberRota Commentary

The attacker may need to be logged in. Carries a SQL injection risk.

CVE: CVE-2026-10835
Severity: HIGH
CVSS: 7.7
EPSS: 0.21%
WordPress

Original NVD Description

The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as subscribers, to perform SQL injection attacks.