[] NeoSense
E X P L O I T S
title author type platform port cve id

WordPress Plugin Effective Lead Management 3.0.0 - Persistent Cross-Site Scripting

Author: Chris Kellum
type: webapps
platform: php
port: 
date_added: 2012-08-05 
date_updated: 2012-08-05 
verified: 0 
codes: OSVDB-84462 
tags: WordPress Plugin
aliases:  
screenshot_url:  
application_url: 
# Exploit Title: WP Lead Management v3.0.0 Persistent XSS
# Date: 8/5/12
# Exploit Author: Chris Kellum
# Software Link: http://downloads.wordpress.org/plugin/wp-effective-lead-management.3.0.1.zip
# Version: 3.0.0



=====================
Vulnerability Details
=====================

The form does not properly sanitize input fields, allowing for XSS.

     Example:

          <script>alert('xss')</script>

XSS will fire when the admin views the lead management page if the javascript is included in the name, otherwise the javascript can be included in the "requirements" field and will fire when an admin "picks" the lead.

===================
Disclosure Timeline
===================

8/4/12 - Vulnerability discovered. No author contact information available. Public disclosure.
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.