Inflection: Unsubscribe Any User

ID H1:281472
Type hackerone
Reporter hk755a
Modified 2017-11-29T01:15:14


Researcher reported that HubSpot's "unsubscribe" feature allows any user to unsubscribe from marketing emails without having to confirm their email address. Inflection does not consider this a vulnerability, as we want to make it as easy as possible for users to stop receiving marketing emails that they don't wish to receive. This has no security impact on users' accounts, and they can always resubscribe to marketing emails if they wish.