8.6
CVE-2024-0368
- EPSS 1.33%
- Veröffentlicht 13.03.2024 16:15:10
- Zuletzt bearbeitet 08.04.2026 19:19:08
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginHustle <= 7.8.3 - Sensitive Information Exposure via Exposed Hubspot API Keys
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII.
Mögliche Gegenmaßnahme
Hustle – Email Marketing, Lead Generation, Optins, Popups: Update to version 7.8.4, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Hustle – Email Marketing, Lead Generation, Optins, Popups
Version
*-7.8.3
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.33% | 0.797 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 8.6 | 3.9 | 4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.