Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

leyka

Source -

ADPNVD

CNA CVEs -

0

ADP CVEs -

2

CISA CVEs -

0

NVD CVEs -

6
Related CVEsRelated VendorsRelated AssignersReports
8Vulnerabilities found
CVE-2024-49252
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.60% / 69.55%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 13:48
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress leyka plugin <=3.31.6 - Broken Access Control vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in VaultDweller Leyka leyka.This issue affects Leyka: from n/a through <= 3.31.6.

Action-Not Available
Vendor-VaultDwellerteplitsa_of_social_technologies
Product-Leykaleyka
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2023-33327
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.35% / 57.27%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 21:25
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Leyka plugin <= 3.30.2 - Privilege Escalation vulnerability

Improper Privilege Management vulnerability in Teplitsa of social technologies Leyka allows Privilege Escalation.This issue affects Leyka: from n/a through 3.30.2.

Action-Not Available
Vendor-Teplitsa of social technologiesteplitsa_of_social_technologies
Product-Leykaleyka
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-27442
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 30.96%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 13:20
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Leyka Plugin <= 3.29.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.29.2 versions.

Action-Not Available
Vendor-techsoupeuropeTeplitsa of social technologies
Product-leykaLeyka
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-2995
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-4.8||MEDIUM
EPSS-0.20% / 41.17%
||
7 Day CHG~0.00%
Published-19 Sep, 2023 | 19:37
Updated-23 Apr, 2025 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Leyka < 3.30.4 - Admin+ Stored XSS

The Leyka WordPress plugin before 3.30.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Action-Not Available
Vendor-te-stUnknown
Product-leykaLeyka
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-4917
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.45% / 63.44%
||
7 Day CHG~0.00%
Published-13 Sep, 2023 | 02:54
Updated-08 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Leyka <= 3.30.7 - Authenticated (Subscriber+) Sensitive Information Exposure

The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.7 via the 'leyka_ajax_get_env_and_options' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API key and password, PayPal Client Secret, and more keys and passwords.

Action-Not Available
Vendor-te-stvaultdweller
Product-leykaLeyka
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-33325
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.17%
||
7 Day CHG~0.00%
Published-30 Aug, 2023 | 12:34
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Leyka Plugin <= 3.30.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.30.1 versions.

Action-Not Available
Vendor-te-stTeplitsa of social technologies
Product-leykaLeyka
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-39314
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.79%
||
7 Day CHG+0.02%
Published-10 Aug, 2023 | 12:46
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Leyka Plugin <= 3.30.2 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.30.2 versions.

Action-Not Available
Vendor-te-stTeplitsa of social technologies
Product-leykaLeyka
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-27450
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.96%
||
7 Day CHG~0.00%
Published-21 Jun, 2023 | 12:49
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Leyka Plugin <= 3.29.2 is vulnerable to Cross Site Scripting (XSS)

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.29.2 versions.

Action-Not Available
Vendor-te-stTeplitsa of social technologies
Product-leykaLeyka
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')