PT-2022-13739 · Hubspot · Hubspot Wordpress Plugin

Brandon Roldan

Published

2022-05-02

Updated

2022-05-09

CVE-2022-1239

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HubSpot WordPress plugin versions prior to 8.8.15

Description The issue allows users with the edit posts capability, by default contributor and above, to perform Server-Side Request Forgery (SSRF) attacks due to the lack of validation of the proxy URL given to the proxy REST endpoint.

Recommendations For versions prior to 8.8.15, update to version 8.8.15 or later to resolve the issue. As a temporary workaround, consider restricting the edit posts capability to minimize the risk of exploitation.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2022-1239

Affected Products

Hubspot Wordpress Plugin

PT-2022-13739 · Hubspot · Hubspot Wordpress Plugin

CVE-2022-1239

Weakness Enumeration

Related Identifiers

Affected Products

References · 5