CVE-2024-7389

The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hubspot-wp-api.php. This makes it possible for unauthenticated attackers to extract the HubSpot integration developer API key and make unauthorized changes to the plugin's HubSpot integration or expose personally identifiable information from plugin users using the HubSpot integration.
Configurations

No configuration.

History

21 Nov 2024, 09:51

Type Values Removed Values Added
References
  • () https://www.vicarius.io/vsociety/posts/source-code-dive-to-hunt-for-secrets-in-forminator-code-cve-2024-7389 -

02 Aug 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) El complemento Forminator para WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 1.29.1 incluida a través de class-forminator-addon-hubspot-wp-api.php. Esto hace posible que atacantes no autenticados extraigan la clave API del desarrollador de integración de HubSpot y realicen cambios no autorizados en la integración de HubSpot del complemento o expongan información de identificación personal de los usuarios del complemento que utilizan la integración de HubSpot.

02 Aug 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-02 05:15

Updated : 2024-11-21 09:51


NVD link : CVE-2024-7389

Mitre link : CVE-2024-7389

CVE.ORG link : CVE-2024-7389


JSON object : View

Products Affected

No product.

CWE
CWE-522

Insufficiently Protected Credentials