The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hubspot-wp-api.php. This makes it possible for unauthenticated attackers to extract the HubSpot integration developer API key and make unauthorized changes to the plugin's HubSpot integration or expose personally identifiable information from plugin users using the HubSpot integration.
History

Mon, 19 Aug 2024 08:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:incsub:forminator:*:*:*:*:*:wordpress:*:*
Vendors & Products Incsub
Incsub forminator
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-08-02T04:29:55.281Z

Updated: 2024-08-19T07:52:55.076Z

Reserved: 2024-08-01T15:55:43.612Z

Link: CVE-2024-7389

cve-icon Vulnrichment

Updated: 2024-08-19T07:52:55.076Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-08-02T05:15:51.510

Modified: 2024-11-21T09:51:25.673

Link: CVE-2024-7389

cve-icon Redhat

No data.