8.6
CVE-2024-0368
- EPSS 0.79%
- Veröffentlicht 13.03.2024 16:15:10
- Zuletzt bearbeitet 08.04.2026 19:19:08
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginHustle <= 7.8.3 - Sensitive Information Exposure via Exposed Hubspot API Keys
Hustle <= 7.8.3 - Sensitive Information Exposure via Exposed Hubspot API Keys
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII.
Mögliche Gegenmaßnahme
Hustle – Email Marketing, Lead Generation, Optins, Popups: Update to version 7.8.4, or a newer patched version
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.79% | 0.514 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 8.6 | 3.9 | 4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
https://developers.hubspot.com/docs/api/webhooks#manage-settings-via-api
https://developers.hubspot.com/docs/api/webhooks#scopes
https://plugins.trac.wordpress.org/browser/wordpress-popup/trunk/inc/providers/hubspot/hustle-hubspot-api.php#L13
https://plugins.trac.wordpress.org/changeset/3047775/wordpress-popup/trunk/inc/providers/hubspot/hustle-hubspot-api.php?old=3025070&old_path=wordpress-popup/tags/7.8.3/inc/providers/hubspot/hustle-hubspot-api.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/e6d40b41-540d-476d-afde-970845543933?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/e6d40b41-540d-476d-afde-970845543933