CVE-2022-1239

Summary

The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks

Affected Software

VendorProductVersion RangeStatus
UnknownHubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics8.8.15 < 8.8.15affected

Weaknesses

  • CWE-918: CWE-918 Server-Side Request Forgery (SSRF)

ADP Enrichment

CVE Program Container

Additional References

References