7.5
CVE-2024-7389
- EPSS 2.74%
- Veröffentlicht 02.08.2024 05:15:51
- Zuletzt bearbeitet 05.02.2025 14:59:01
- Quelle security@wordfence.com
- Teams Watchlist Login
- Unerledigt Login
The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hubspot-wp-api.php. This makes it possible for unauthenticated attackers to extract the HubSpot integration developer API key and make unauthorized changes to the plugin's HubSpot integration or expose personally identifiable information from plugin users using the HubSpot integration.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Incsub ≫ Forminator SwEditionfree SwPlatformwordpress Version < 1.29.2
Incsub ≫ Forminator SwEditionpro SwPlatformwordpress Version < 1.29.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.74% | 0.854 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.