Lucene search
+L

218 matches found

NVD
NVD
added yesterday7 views

CVE-2026-9656

The HubSpot All-In-One Marketing – Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.62 via the wplocalizescript / window.leadinConfig JavaScript object. This makes it possible for authenticated attackers, with...

4.3CVSS0.00158EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday30 views

CVE-2026-9656 HubSpot All-In-One Marketing <= 11.3.62 - Authenticated (Contributor+) Sensitive Information Exposure via Block Editor Localized Script

The HubSpot All-In-One Marketing – Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.62 via the wplocalizescript / window.leadinConfig JavaScript object. This makes it possible for authenticated attackers, with...

4.3CVSS0.00158EPSS
Exploits0References6
CVE
CVE
added yesterday11 views

CVE-2026-9656

The CVE-2026-9656 entry concerns the HubSpot All-In-One Marketing – Forms, Popups, Live Chat WordPress plugin. Affected: all versions up to and including 11.3.62. Vulnerability: Sensitive Information Exposure via the wp_localize_script() / window.leadinConfig JavaScript object. Exploitation: auth...

4.3CVSS5.3AI score0.00158EPSS
Exploits0References6
EUVD
EUVD
added yesterday7 views

EUVD-2026-45152

The HubSpot All-In-One Marketing – Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.62 via the wplocalizescript / window.leadinConfig JavaScript object. This makes it possible for authenticated attackers, with...

4.3CVSS5.3AI score0.00158EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added yesterday6 views

CVE-2026-9656

The HubSpot All-In-One Marketing – Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.62 via the wplocalizescript / window.leadinConfig JavaScript object. This makes it possible for authenticated attackers, with...

4.3CVSS5.3AI score0.00158EPSS
Exploits0References7
CVE
CVE
added 2026/07/01 5:40 p.m.21 views

CVE-2026-57736

CVE-2026-57736 affects the WordPress HubSpot plugin (versions

7.4CVSS5.8AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 5:40 p.m.8 views

EUVD-2026-41104

Insertion of Sensitive Information Into Sent Data vulnerability in HubSpot allows Retrieve Embedded Sensitive Data. This issue affects HubSpot: from n/a through 11.3.51...

7.4CVSS5.8AI score0.00175EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/01 5:39 p.m.8 views

WordPress HubSpot plugin <= 11.3.55 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin HubSpot versions = 11.3.55...

7.4CVSS6.1AI score0.00175EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.12 views

PT-2026-54891

Name of the Vulnerable Software and Affected Versions HubSpot versions prior to 11.3.52 Description An issue involving the insertion of sensitive information into sent data allows for the retrieval of embedded sensitive data. Recommendations Update to a version newer than 11.3.51...

7.4CVSS5.9AI score0.00175EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 2:16 a.m.9 views

Malicious code in @su-doughnym/hubspot-loginui-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72fa1e159f93bb8a1336dc48fe329f3a7801ebf56a49620ce67fd013ea8995ae Package is openly labeled a dependency-confusion proof-of-concept and uses a high version number 99.99.99 consistent with that intent. The preinstall...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 2:1 p.m.8 views

Malicious code in hs-locale-management (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2adb7ba5ebcb66930ae574353088696c939ed6e677c12437e78de7166e96b932 Package self-identifies in package.json as a dependency-confusion proof-of-concept targeting HubSpot's internal hs-locale-management namespace,...

6.1AI score
Exploits0References4
OSV
OSV
added 2026/06/24 2:1 p.m.6 views

MAL-2026-6394 Malicious code in hs-locale-management (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2adb7ba5ebcb66930ae574353088696c939ed6e677c12437e78de7166e96b932 Package self-identifies in package.json as a dependency-confusion proof-of-concept targeting HubSpot's internal hs-locale-management namespace,...

6.2AI score
Exploits0References4
NVD
NVD
added 2026/06/15 9:17 p.m.16 views

CVE-2026-49763

Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot = 1.3.7 versions...

9.8CVSS0.00383EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:19 p.m.19 views

CVE-2026-49763

CVE-2026-49763 concerns the WordPress plugin “WordPress Integration for Contact Form 7 HubSpot” (versions

9.8CVSS5.3AI score0.00383EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:19 p.m.9 views

EUVD-2026-36887

Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot = 1.3.7 versions...

9.8CVSS5.3AI score0.00383EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:19 p.m.31 views

CVE-2026-49763 WordPress Integration for Contact Form 7 HubSpot plugin <= 1.3.7 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot = 1.3.7 versions...

9.8CVSS0.00383EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.17 views

PT-2026-49511

Name of the Vulnerable Software and Affected Versions Integration for Contact Form 7 HubSpot versions prior to 1.3.8 Description An unauthenticated PHP Object Injection issue exists. PHP Object Injection occurs when untrusted input is passed to the PHP unserialize function, allowing an attacker t...

9.8CVSS6.3AI score0.00383EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.15 views

CVE-2025-11762

The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.32 via the leadin/public/admin/class-adminconstants.php file. This makes it possible for authenticated attackers, with...

4.3CVSS5.4AI score0.00193EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/04 2:5 p.m.12 views

WordPress Integration for Contact Form 7 HubSpot plugin <= 1.3.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Frissi0n in WordPress Plugin Integration for Contact Form 7 HubSpot versions = 1.3.7...

9.8CVSS5.5AI score0.00383EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/04/24 8:16 a.m.13 views

CVE-2025-11762

The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.32 via the leadin/public/admin/class-adminconstants.php file. This makes it possible for authenticated attackers, with...

4.3CVSS0.00193EPSS
Exploits0References3
Rows per page
Query Builder