CyberRota
← Ana sayfaya dön

CVE-2026-10835

HIGH · CVSS 7.7 EPSS %0.21

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-26T07:16:22.120 · Çekilme zamanı: 2026-07-15T12:03:52.419394+00:00

CyberRota Yorumu

Saldırganın giriş yapmış olması gerekebilir. SQL Injection riski içeriyor.

CVE
CVE-2026-10835
Severity
HIGH
CVSS
7.7
EPSS
%0.21
WordPress

Orijinal NVD Açıklaması

The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as subscribers, to perform SQL injection attacks.