CVE-2025-12696

Summary

The HelloLeads CRM Form Shortcode WordPress plugin through 1.0 does not have authorisation and CSRF check when resetting its settings, allowing unauthenticated users to reset them

Affected Software

VendorProductVersion RangeStatus
UnknownHelloLeads CRM Form Shortcode0 <= 1.0affected

Weaknesses

  • CWE-862 Missing Authorization
  • CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References