EUVD-2025-35813

🗓️ 24 Oct 2025 08:24:00Reported by EUVDType

Vulnerability in Hubspot Blog Import plugin allows subscribers to trigger full Hubspot data import via process_save_blogs AJAX.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-11257	24 Oct 202509:39	–	circl
CNNVD	WordPress plugin LLM Hubspot Blog Import 安全漏洞	25 Oct 202500:00	–	cnnvd
CVE	CVE-2025-11257	24 Oct 202508:24	–	cve
Cvelist	CVE-2025-11257 LLM Hubspot Blog Import <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Hubspot Import	24 Oct 202508:24	–	cvelist
NVD	CVE-2025-11257	24 Oct 202509:15	–	nvd
Patchstack	WordPress LLM Hubspot Blog Import plugin <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Hubspot Import vulnerability	23 Oct 202522:41	–	patchstack
Positive Technologies	PT-2025-43592	24 Oct 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-11257	25 Oct 202508:29	–	redhatcve
Vulnrichment	CVE-2025-11257 LLM Hubspot Blog Import <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Hubspot Import	24 Oct 202508:24	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (October 20, 2025 to October 26, 2025)	30 Oct 202516:01	–	wordfence

[
  {
    "enisaIdVendor": [
      {
        "id": "2fceed55-043b-3cbf-97bc-201b163f4a4d",
        "vendor": {
          "name": "limelightmarketing"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "92099bff-3170-3514-b474-9556200077c1",
        "product": {
          "name": "LLM Hubspot Blog Import"
        },
        "product_version": "* ≤1.0.1"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/682ec57a-f67c-40a9-91cd-2a11159ff695
wordpress	www.wordpress.org/plugins/llm-hubspot-blog-import/
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-11257

24 Oct 2025 12:30Current

4.6Medium risk

Vulners AI Score4.6

CVSS 3.14.3

EPSS0.00184

SSVC