CVE-2025-30893
WordPress LeadConnector plugin <= 3.0.2 - Cross Site Scripting (XSS) vulnerabilityImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LeadConnector LeadConnector allows DOM-Based XSS. This issue affects LeadConnector: from n/a through 3.0.2.
We have discovered 955 live websites that are affected by CVE-2025-30893.
Affected Software
| Product |  LeadConnector |
| Category | Wordpress Plugins |
| Vulnerable Domains | 955 live websites (12% of LeadConnector install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 6 versions ( 21% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Mar 27, 2025
- Updated - Mar 27, 2025
Credits
- Peter Thaleikis (Patchstack Alliance) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-30893 United States | 635 websites |
 GB | 71 websites |
 Australia | 50 websites |
 Canada | 37 websites |
 Germany | 17 websites |
 Bulgaria | 15 websites |
 Cyprus | 11 websites |
 France | 10 websites |
 Italy | 8 websites |
Website Distribution by TLD
Number of websites using CVE-2025-30893| .com | 682 websites |
| .co.uk | 49 websites |
| .com.au | 44 websites |
| .ca | 23 websites |
| .org | 16 websites |
| .net | 16 websites |
| .co | 8 websites |
| .it | 6 websites |
| .dk | 5 websites |
| .de | 5 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-30893
Top websites that are affected by CVE-2025-30893. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****************.com |  United Arab Emirates | ***,*** | |
| ***************.com | United States | ***,*** | |
| *****************.com | GB | ***,*** | |
| ******************.com | United States | ***,*** | |
| ************.com | United States | ***,*** | |
| ********************.com | United States | *,***,*** | |
| **************.com | United States | *,***,*** | |
| ********************.com | United States | *,***,*** | |
| ****.ie |  Ireland | *,***,*** | |
| ******.com | United States | *,***,*** |
FAQ
CVE-2025-30893 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in LeadConnector
A total of 955 websites have been identified as vulnerable to CVE-2025-30893, based on global website indexing conducted by WebTechSurvey.
The LeadConnector is affected by the CVE-2025-30893 vulnerability.
LeadConnector versions up to and including 3.0.2 are vulnerable to CVE-2025-30893.