The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HHubspot
APPHubspot< 8.8.15
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SSRF
CWE
Powiązane podatności
CVE-2024-5879MEDIUM6.4ten sam produkt
The HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress is vulnerable to Stored ...
CVE-2026-25526CRITICAL9.8PL ✓ten sam vendor
HubSpot JinJava — obejście sandbox i wykonanie dowolnego kodu Java przez ForTag
CVE-2025-59340CRITICAL9.8PL ✓ten sam vendor
HubSpot Jinjava — ucieczka z sandbox i RCE przez deserializację szablonów
CVE-2017-16035HIGH8.1ten sam vendor
The hubl-server module is a wrapper for the HubL Development Server. During installation hubl-server downloads...
CVE-2020-12668MEDIUM6.5ten sam vendor
Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjav...