WordPress plugin Forminator 安全漏洞

🗓️ 02 Aug 2024 00:00:00Reported by China National Vulnerability Database of Information SecurityType

cnnvd

cnnvd🔗 www.cnnvd.org.cn👁 1 Views

Security flaw in WordPress Forminator plugin up to version 1.29.1 that exposes API keys, allowing unauthorized changes to settings or disclosure of user data.

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2024-7389	2 Aug 202408:09	–	circl
CVE	CVE-2024-7389	2 Aug 202404:29	–	cve
Cvelist	CVE-2024-7389 Forminator <= 1.29.1 - HubSpot Developer API Key Sensitive Information Exposure	2 Aug 202404:29	–	cvelist
EUVD	EUVD-2024-48325	3 Oct 202520:07	–	euvd
NVD	CVE-2024-7389	2 Aug 202405:15	–	nvd
OSV	CVE-2024-7389	2 Aug 202405:15	–	osv
Patchstack	WordPress Forminator Plugin <= 1.29.1 is vulnerable to Sensitive Data Exposure	2 Aug 202400:00	–	patchstack
Patchstack	WordPress Forminator plugin <= 1.29.1 - HubSpot Developer API Key Sensitive Information Exposure vulnerability	2 Aug 202402:34	–	patchstack
Positive Technologies	PT-2024-38317 · WordPress · Forminator	2 Aug 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-7389	5 Feb 202511:56	–	redhatcve

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/0d04b822-a48a-485e-b9b5-f5a213307c71
developers	www.developers.hubspot.com/docs/api/webhooks
developers	www.developers.hubspot.com/docs/api/webhooks
plugins	www.plugins.trac.wordpress.org/changeset/3047085/forminator/trunk/addons/pro/hubspot/lib/class-forminator-addon-hubspot-wp-api.php
cxsecurity	www.cxsecurity.com/cveshow/CVE-2024-7389/

31 Dec 2025 00:00Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.17.5

EPSS0.02841

SSVC

WordPress Forminator vulnerability API keys sensitive information disclosure plugin settings user data disclosure