HIGH🇬🇧 English

CVE-2022-1239

CVSS 8.8v3.1pub. 2022-05-02upd. 2024-11-21

The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Hubspot

    APP
    Hubspot
    < 8.8.15
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SSRF
CWE
Referencje

Powiązane podatności

CVE-2024-5879MEDIUM6.4ten sam produkt

The HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress is vulnerable to Stored ...

CVE-2026-25526CRITICAL9.8PL ✓ten sam vendor

HubSpot JinJava — obejście sandbox i wykonanie dowolnego kodu Java przez ForTag

CVE-2025-59340CRITICAL9.8PL ✓ten sam vendor

HubSpot Jinjava — ucieczka z sandbox i RCE przez deserializację szablonów

CVE-2017-16035HIGH8.1ten sam vendor

The hubl-server module is a wrapper for the HubL Development Server. During installation hubl-server downloads...

CVE-2020-12668MEDIUM6.5ten sam vendor

Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjav...

CVE-2022-1239 — HIGH 8.8 | CVEbaza.pl