← Zuruck zu CVEs
CVE-2024-7389
HIGH7.5
Beschreibung
The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hubspot-wp-api.php. This makes it possible for unauthenticated attackers to extract the HubSpot integration developer API key and make unauthorized changes to the plugin's HubSpot integration or expose personally identifiable information from plugin users using the HubSpot integration.
CVE Details
CVSS v3.1 Bewertung7.5
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht8/2/2024
Zuletzt geandert2/5/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
incsub:forminator
Schwachen (CWE)
CWE-522CWE-522
Referenzen
https://developers.hubspot.com/docs/api/webhooks#manage-settings-via-api(security@wordfence.com)
https://developers.hubspot.com/docs/api/webhooks#scopes(security@wordfence.com)
https://plugins.trac.wordpress.org/changeset/3047085/forminator/trunk/addons/pro/hubspot/lib/class-forminator-addon-hubspot-wp-api.php(security@wordfence.com)
https://www.wordfence.com/threat-intel/vulnerabilities/id/0d04b822-a48a-485e-b9b5-f5a213307c71?source=cve(security@wordfence.com)
https://www.vicarius.io/vsociety/posts/source-code-dive-to-hunt-for-secrets-in-forminator-code-cve-2024-7389(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.