7.5
CVE-2024-7389
- EPSS 2.74%
- Published 02.08.2024 05:15:51
- Last modified 05.02.2025 14:59:01
- Source security@wordfence.com
- Teams watchlist Login
- Open Login
The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hubspot-wp-api.php. This makes it possible for unauthenticated attackers to extract the HubSpot integration developer API key and make unauthorized changes to the plugin's HubSpot integration or expose personally identifiable information from plugin users using the HubSpot integration.
Data is provided by the National Vulnerability Database (NVD)
Incsub ≫ Forminator SwEditionfree SwPlatformwordpress Version < 1.29.2
Incsub ≫ Forminator SwEditionpro SwPlatformwordpress Version < 1.29.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.74% | 0.854 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| security@wordfence.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.