← volver
CVE-2022-1239

HubSpot < 8.8.15 - Contributor+ Blind SSRF

EPSS 1.4%CWE-918
The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks
Productos afectados
Unknown · HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wpscan.com/vulnerability/4ad2bb96-87a4-4590-a058-b03b33d2fcee