CVE-2025-0796

Name of the Vulnerable Software and Affected Versions Mortgage Lead Capture System plugin for WordPress versions up to, and including, 8.2.10

Description The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the wprequal reset defaults action. This allows unauthenticated attackers to reset the plugin's settings by tricking a site administrator into performing an action, such as clicking on a link.

Recommendations For Mortgage Lead Capture System plugin for WordPress versions up to, and including, 8.2.10: Update to a version later than 8.2.10 to resolve the issue. As a temporary workaround, consider restricting access to the wprequal reset defaults action to minimize the risk of exploitation.