The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hubspot-wp-api.php. This makes it possible for unauthenticated attackers to extract the HubSpot integration developer API key and make unauthorized changes to the plugin's HubSpot integration or expose personally identifiable information from plugin users using the HubSpot integration.
Metrics
Affected Vendors & Products
References
History
Mon, 19 Aug 2024 08:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | ||
Vendors & Products |
Incsub
Incsub forminator |
|
References |
| |
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-08-02T04:29:55.281Z
Updated: 2024-08-19T07:52:55.076Z
Reserved: 2024-08-01T15:55:43.612Z
Link: CVE-2024-7389
Vulnrichment
Updated: 2024-08-19T07:52:55.076Z
NVD
Status : Awaiting Analysis
Published: 2024-08-02T05:15:51.510
Modified: 2024-11-21T09:51:25.673
Link: CVE-2024-7389
Redhat
No data.