CVE-2024-0368 Information

Mar 14, 2024 cve

Description

The Hustle – Email Marketing Lead Generation Optins Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII.

Reference

https://www.wordfence.com/threat-intel/vulnerabilities/id/e6d40b41-540d-476d-afde-970845543933?source=cve https://plugins.trac.wordpress.org/browser/wordpress-popup/trunk/inc/providers/hubspot/hustle-hubspot-api.php#L13 https://developers.hubspot.com/docs/api/webhooks#scopes https://developers.hubspot.com/docs/api/webhooks#manage-settings-via-api https://plugins.trac.wordpress.org/changeset/3047775/wordpress-popup/trunk/inc/providers/hubspot/hustle-hubspot-api.php?old=3025070&old_path=wordpress-popup/tags/7.8.3/inc/providers/hubspot/hustle-hubspot-api.php

Share on: