7.5
CVE-2024-7389
- EPSS 2.84%
- Veröffentlicht 02.08.2024 05:15:51
- Zuletzt bearbeitet 05.02.2025 14:59:01
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginForminator <= 1.29.1 - HubSpot Developer API Key Sensitive Information Exposure
The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hubspot-wp-api.php. This makes it possible for unauthenticated attackers to extract the HubSpot integration developer API key and make unauthorized changes to the plugin's HubSpot integration or expose personally identifiable information from plugin users using the HubSpot integration.
Mögliche Gegenmaßnahme
Forminator Forms – Contact Form, Payment Form & Custom Form Builder: Update to version 1.29.2, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Forminator Forms – Contact Form, Payment Form & Custom Form Builder
Version
*-1.29.1
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Incsub ≫ Forminator SwEditionfree SwPlatformwordpress Version < 1.29.2
Incsub ≫ Forminator SwEditionpro SwPlatformwordpress Version < 1.29.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.84% | 0.858 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.