CVE-2025-12696

medium

Description

The HelloLeads CRM Form Shortcode WordPress plugin through 1.0 does not have authorisation and CSRF check when resetting its settings, allowing unauthenticated users to reset them

References

https://wpscan.com/vulnerability/e552dfc8-c6e1-4605-bc36-30dc4066eaea/

Details

Source: Mitre, NVD

Published: 2025-12-14

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N