Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Network-reachable AJAX action exploitable by any authenticated subscriber gives AV:N/AC:L/PR:L/UI:N; SQLi reads data outside the plugin's context (S:C, C:H) but the description indicates disclosure only, so I:N/A:N.
Primary rating from Vendor (WPScan).
CVSS VectorVendor: WPScan
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as subscribers, to perform SQL injection attacks.
Articles & Coverage 1
AnalysisAI
SQL injection in the SALESmanago & Leadoo WordPress plugin before 3.11.3 allows low-privileged authenticated users to inject arbitrary SQL through an unsanitised parameter passed to a vulnerable AJAX action. Because the action enforces no authorisation check, even subscriber-level accounts can reach it, and the CVSS scope-changed, high-confidentiality rating (7.7) reflects the ability to read data across the WordPress database. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated WordPress account with only minimal privileges (subscriber-level), and the target must run the SALESmanago & Leadoo plugin at a version before 3.11.3. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed and point to a moderate, not critical, real-world priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker registers (or reuses) a low-privilege subscriber account on a WordPress site running the vulnerable plugin, then sends a crafted authenticated AJAX request with a malicious value in the unsanitised parameter. Because the action enforces no authorisation, the injected SQL executes against the WordPress database, letting the attacker extract sensitive data such as user records and password hashes. … |
| Remediation | Vendor-released patch: upgrade the SALESmanago & Leadoo plugin to version 3.11.3 or later, per the WPScan advisory (https://wpscan.com/vulnerability/3c7b37ab-b069-4257-82b2-5b4c54f7e503/). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all WordPress instances using SALESmanago & Leadoo plugin and document current versions. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Salesmanago Leadoo
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39625
GHSA-mprc-69fc-33c7