Skip to main content
Radar
DashboardThreatsMapFeedsAPI
reconnecting

CVE-2025-5240: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in vcita CRM and Lead Management by vcita

Medium
VulnerabilityCVE-2025-5240cvecve-2025-5240cwe-79
Published: Tue Jul 22 2025 (07/22/2025, 01:44:27 UTC)
Source: CVE Database V5
Vendor/Project: vcita
Product: CRM and Lead Management by vcita

Description

The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Technical Details

Data Version
5.1
Assigner Short Name
Wordfence
Date Reserved
2025-05-26T22:35:10.757Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 687ef0e1a83201eaac16c9cc

Added to database: 7/22/2025, 2:01:05 AM

Last updated: 7/22/2025, 2:01:05 AM

Views: 1

Related Threats

CVE-2025-7949: Open Redirect in Sanluan PublicCMS

Medium
VulnerabilityTue Jul 22 2025

CVE-2025-6831: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in wpeverest User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin

Medium
VulnerabilityTue Jul 22 2025

CVE-2025-7948: Weak Password Recovery in jshERP

Medium
VulnerabilityTue Jul 22 2025

CVE-2025-7947: Improper Authorization in jshERP

Medium
VulnerabilityTue Jul 22 2025

CVE-2025-7946: Cross Site Scripting in PHPGurukul Apartment Visitors Management System

Medium
VulnerabilityTue Jul 22 2025

Actions

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats