Vulnerabilities

CVE-2025-13361 - Web to SugarCRM Lead <= 1.0.0 - cross-site request forgery to custom field deletion

2025-12-21 0 views admin

CVE ID : CVE-2025-13361 Published : Dec. 21, 2025, 4:16 a.m. | 50 minutes ago Description : The Web to SugarCRM Lead plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the custom field deletion functionality. This makes it possible for unauthenticated attackers to delete custom fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-13361

Severity

MEDIUM

Published

Dec. 21, 2025

Affected Product: WordPress

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-13361mediumwordpress

CVE-2025-13361 - Web to SugarCRM Lead <= 1.0.0 - cross-site request forgery to custom field deletion

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-15003 - SeaCMS admin_video.php sql injection

CVE-2025-15006 - Tenda WH450 HTTP Request CheckTools stack-based overflow

CVE-2025-15004 - DedeCMS freelist_main.php sql injection

CVE-2025-15005 - CouchCMS reCAPTCHA config.example.php hard-coded key

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting