EPSS
Percentile
48.4%
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by WordFence in WordPress WP Lead Plus X plugin (versions <= 0.98).
Update the WordPress WP Lead Plus X plugin to the latest available version (at least 0.99).
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11509
wordpress.org/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make/
www.wordfence.com/blog/2020/04/critical-vulnerabilities-in-the-wp-lead-plus-x-wordpress-plugin/