CVE-2026-25431 WordPress Hustle plugin <= 7.8.10.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPMU DEV Hustle allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hustle: through 7.8.10.1...

CVE-2026-24998

CVE-2026-24998 affects Hustle (WordPress Hustle plugin) through its wordpress-popup component, exposing embedded sensitive data to an unauthorized actor. Affected versions: Hustle up to 7.8.9.2. Public details/patch status indicate remediation by updating to a newer Hustle version (&gt;7.8.9.2). ...

WordPress Hustle plugin <= 7.8.9.2 - Authenticated (Subscriber+) Arbitrary File Upload via Module Import vulnerability

Authenticated Subscriber+ Arbitrary File Upload via Module Import vulnerability discovered by Williwollo CybrX in WordPress Plugin Hustle versions = 7.8.9.2...

WordPress Hustle plugin <= 7.8.9.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Bao - BlueRock in WordPress Plugin Hustle versions = 7.8.9.2...

CVE-2024-10580

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized form submissions due to a missing capability check on the submitform function in all versions up to, and including, 7.8.5. This makes it possible for unauthenticated attackers to submi...

CVE-2019-11872

The Hustle aka wordpress-popup plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window. Successful exploitation grants an attacker with a right to execute malicious code on the administrator's computer through Excel functions as the...

WordPress Hustle plugin < 7.8.5 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Hustle versions 7.8.5...

WordPress Hustle Plugin <= 7.8.5 is vulnerable to Broken Access Control

Software Hustle Type Plugin Vulnerable versions = 7.8.5 Fixed in 7.8.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10580 Patch priority Low CVSS severity Low 5.3 Developer WPMU DEV PSID 82d2fb561073 Credits Vijaysimha Reddy vijaysimha Required privileg...

WordPress Hustle Plugin <= 7.8.3 is vulnerable to Sensitive Data Exposure

Software Hustle Type Plugin Vulnerable versions = 7.8.3 Fixed in 7.8.4 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-0368 Patch priority Low CVSS severity Low 8.6 Developer WPMU DEV PSID 27afdc4a9565 Credits Sean Murphy Required privilege...

WordPress Hustle CSV Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Hustle a.k.a. wordpress-popup plugin is one of the online marketing plugins used in it. A CSV injection vulnerability exists in version...