// For flags

CVE-2024-7389

Forminator <= 1.29.1 - HubSpot Developer API Key Sensitive Information Exposure

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hubspot-wp-api.php. This makes it possible for unauthenticated attackers to extract the HubSpot integration developer API key and make unauthorized changes to the plugin's HubSpot integration or expose personally identifiable information from plugin users using the HubSpot integration.

El complemento Forminator para WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 1.29.1 incluida a través de class-forminator-addon-hubspot-wp-api.php. Esto hace posible que atacantes no autenticados extraigan la clave API del desarrollador de integración de HubSpot y realicen cambios no autorizados en la integración de HubSpot del complemento o expongan información de identificación personal de los usuarios del complemento que utilizan la integración de HubSpot.

*Credits: Sean Murphy
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2024-08-01 CVE Reserved
  • 2024-08-01 CVE Published
  • 2024-08-19 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-522: Insufficiently Protected Credentials
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Wpmudev
Search vendor "Wpmudev"
 Forminator – Contact Form, Payment Form & Custom Form Builder
Search vendor "Wpmudev" for product "Forminator – Contact Form, Payment Form & Custom Form Builder"
 <= 1.29.1
Search vendor "Wpmudev" for product "Forminator – Contact Form, Payment Form & Custom Form Builder" and version " <= 1.29.1"
en
Affected