Security Advisory

CVE-2022-1239

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-05-02 16:05:49

Last updated 2024-08-02 23:55:24

Assigner WPScan

State PUBLISHED

Description

The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks

← Browse all CVEs View on cve.org ↗