[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fNPSmb_gMylaE3uflPqXlRMFI8v0XmXXsDVVgf2_fmkk":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":26,"research_verified":27,"research_rounds_completed":28,"research_plan":29,"research_summary":9,"research_vulnerable_code":9,"research_fix_diff":9,"research_exploit_outline":9,"research_model_used":30,"research_started_at":31,"research_completed_at":32,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":27,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":27,"source_links":33},"CVE-2026-1890","leadconnector-missing-authorization","LeadConnector \u003C 3.0.22 - Missing Authorization","The LeadConnector plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to 3.0.22 (exclusive). This makes it possible for unauthenticated attackers to perform an unauthorized action.","leadconnector",null,"\u003C3.0.22","3.0.22","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2026-03-30 00:00:00","2026-04-09 16:08:47",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F21552524-9f3f-4ef1-b8bc-9eb6ebfaac12?source=api-prod",11,[22,23,24,25],"LeadConnector.php","README.txt","admin\u002Fapp.js","admin\u002Fclass-lc-admin.php","researched",false,3,"## Vulnerability Research Plan: CVE-2026-1890 (LeadConnector Missing Authorization)\n\n### 1. Vulnerability Summary\nThe **LeadConnector** plugin (versions \u003C 3.0.22) contains a missing authorization vulnerability. Specifically, an AJAX handler or a frontend request processor (triggered via query variables) fails to perform a capability check (e.g., `current_user_can('manage_options')`) before executing a privileged action. This allows unauthenticated attackers to perform unauthorized actions, such as purging the plugin's CDN cache or potentially modifying plugin settings.\n\nBased on the source code provided and the CVSS vector (5.3 - Integrity Low), the most likely vulnerable function is an AJAX action related to **CDN Cache Purging** or the processing of the **`lc_code`** query variable used for OAuth-like handshakes.\n\n### 2. Attack Vector Analysis\n*   **Endpoint:** `\u002Fwp-admin\u002Fadmin-ajax.php`\n*   **Action:** `lc_purge_cache` (inferred from `admin\u002Fapp.js` and changelog)\n*   **Alternative Endpoint:** Homepage GET request with query variables (`\u002F?lc_code=...`)\n*   **Authentication:** None required (unauthenticated).\n*   **Preconditions:** The plugin must be active. For the cache purge, settings related to the CDN might need to be \"visible\" (as per changelog 3.0.19).\n\n### 3. Code Flow\n1.  **Entry","gemini-3-flash-preview","2026-04-17 22:20:48","2026-04-17 22:21:44",{"type":34,"vulnerable_version":35,"fixed_version":11,"vulnerable_browse":36,"vulnerable_zip":37,"fixed_browse":38,"fixed_zip":39,"all_tags":40},"plugin","3.0.21","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fleadconnector\u002Ftags\u002F3.0.21","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fleadconnector.3.0.21.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fleadconnector\u002Ftags\u002F3.0.22","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fleadconnector.3.0.22.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fleadconnector\u002Ftags"]