HelloLeads CRM Form Shortcode

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

The HelloLeads CRM Form Shortcode WordPress plugin through 1.0 does not have authorisation and CSRF check when resetting its settings, allowing unauthenticated users to reset them

Basic Information

ID CVE-2025-12696

Source WPScan

Published Dec 14, 2025 at 06:00

Modified Dec 15, 2025 at 14:45

Affected Product

Vendor Unknown

Product HelloLeads CRM Form Shortcode

Affected Versions Unknown HelloLeads CRM Form Shortcode 0

CWE Classification

References

wpscan.com /vulnerability/e552dfc8-c6e1-4605-bc36-30dc4066eaea/

{
    "lastseen": "",
    "description": "The HelloLeads CRM Form Shortcode WordPress plugin through 1.0 does not have authorisation and CSRF check when resetting its settings, allowing unauthenticated users to reset them",
    "published": "2025-12-14T06:00:02.516Z",
    "modified": "2025-12-15T14:45:40.689Z",
    "type": "cve",
    "title": "HelloLeads CRM Form Shortcode <= 1.0 - Unauthenticated Settings Reset",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/e552dfc8-c6e1-4605-bc36-30dc4066eaea/",
    "id": "CVE-2025-12696",
    "bulletinFamily": "",
    "cwe": [
        "",
        ""
    ],
    "cvelist": null,
    "sourceData": "Unknown HelloLeads CRM Form Shortcode 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HelloLeads CRM Form Shortcode",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

HelloLeads CRM Form Shortcode <= 1.0 - Unauthenticated Settings Reset_CVE-2025-12696