5 matches found
📄 Hustle Plugin 7.8.3 Hardcoded Credentials
Hustle plugin versions 7.8.3 and below contain hardcoded HubSpot API credentials in inc/providers/hubspot/hustle-hubspot-api.php. CVE-2024-0368 Hustle Plugin = 7.8.3 contains hardcoded HubSpot API credentials in inc/providers/hubspot/hustle-hubspot-api.php Vulnerability Summary | Field | Value |...
Exploit for CVE-2024-0368
CVE-2024-0368 Hustle Plugin = 7.8.3 contains hardcoded Hub...
CVE-2024-0368 Hustle <= 7.8.3 - Sensitive Information Exposure via Exposed Hubspot API Keys
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII...
CVE-2024-0368
The Hustle plugin for WordPress (wordpress-popup) versions up to and including 7.8.3 contains hardcoded HubSpot credentials in inc/providers/hubspot/hustle-hubspot-api.php (CLIENT_ID, CLIENT_SECRET, HAPIKEY). This root cause enables exposure of HubSpot API keys and potential access to PII via Hub...
WordPress Hustle Plugin <= 7.8.3 is vulnerable to Sensitive Data Exposure
Software Hustle Type Plugin Vulnerable versions = 7.8.3 Fixed in 7.8.4 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-0368 Patch priority Low CVSS severity Low 8.6 Developer WPMU DEV PSID 27afdc4a9565 Credits Sean Murphy Required privilege...