218 matches found
CVE-2026-9656
The HubSpot All-In-One Marketing – Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.62 via the wplocalizescript / window.leadinConfig JavaScript object. This makes it possible for authenticated attackers, with...
CVE-2026-9656 HubSpot All-In-One Marketing <= 11.3.62 - Authenticated (Contributor+) Sensitive Information Exposure via Block Editor Localized Script
The HubSpot All-In-One Marketing – Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.62 via the wplocalizescript / window.leadinConfig JavaScript object. This makes it possible for authenticated attackers, with...
CVE-2026-9656
The CVE-2026-9656 entry concerns the HubSpot All-In-One Marketing – Forms, Popups, Live Chat WordPress plugin. Affected: all versions up to and including 11.3.62. Vulnerability: Sensitive Information Exposure via the wp_localize_script() / window.leadinConfig JavaScript object. Exploitation: auth...
EUVD-2026-45152
The HubSpot All-In-One Marketing – Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.62 via the wplocalizescript / window.leadinConfig JavaScript object. This makes it possible for authenticated attackers, with...
CVE-2026-9656
The HubSpot All-In-One Marketing – Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.62 via the wplocalizescript / window.leadinConfig JavaScript object. This makes it possible for authenticated attackers, with...
CVE-2026-57736
CVE-2026-57736 affects the WordPress HubSpot plugin (versions
EUVD-2026-41104
Insertion of Sensitive Information Into Sent Data vulnerability in HubSpot allows Retrieve Embedded Sensitive Data. This issue affects HubSpot: from n/a through 11.3.51...
WordPress HubSpot plugin <= 11.3.55 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin HubSpot versions = 11.3.55...
PT-2026-54891
Name of the Vulnerable Software and Affected Versions HubSpot versions prior to 11.3.52 Description An issue involving the insertion of sensitive information into sent data allows for the retrieval of embedded sensitive data. Recommendations Update to a version newer than 11.3.51...
Malicious code in @su-doughnym/hubspot-loginui-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72fa1e159f93bb8a1336dc48fe329f3a7801ebf56a49620ce67fd013ea8995ae Package is openly labeled a dependency-confusion proof-of-concept and uses a high version number 99.99.99 consistent with that intent. The preinstall...
Malicious code in hs-locale-management (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2adb7ba5ebcb66930ae574353088696c939ed6e677c12437e78de7166e96b932 Package self-identifies in package.json as a dependency-confusion proof-of-concept targeting HubSpot's internal hs-locale-management namespace,...
MAL-2026-6394 Malicious code in hs-locale-management (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2adb7ba5ebcb66930ae574353088696c939ed6e677c12437e78de7166e96b932 Package self-identifies in package.json as a dependency-confusion proof-of-concept targeting HubSpot's internal hs-locale-management namespace,...
CVE-2026-49763
Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot = 1.3.7 versions...
CVE-2026-49763
CVE-2026-49763 concerns the WordPress plugin “WordPress Integration for Contact Form 7 HubSpot” (versions
EUVD-2026-36887
Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot = 1.3.7 versions...
CVE-2026-49763 WordPress Integration for Contact Form 7 HubSpot plugin <= 1.3.7 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot = 1.3.7 versions...
PT-2026-49511
Name of the Vulnerable Software and Affected Versions Integration for Contact Form 7 HubSpot versions prior to 1.3.8 Description An unauthenticated PHP Object Injection issue exists. PHP Object Injection occurs when untrusted input is passed to the PHP unserialize function, allowing an attacker t...
CVE-2025-11762
The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.32 via the leadin/public/admin/class-adminconstants.php file. This makes it possible for authenticated attackers, with...
WordPress Integration for Contact Form 7 HubSpot plugin <= 1.3.7 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Frissi0n in WordPress Plugin Integration for Contact Form 7 HubSpot versions = 1.3.7...
CVE-2025-11762
The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.32 via the leadin/public/admin/class-adminconstants.php file. This makes it possible for authenticated attackers, with...