PT-2024-16380 · WordPress · Hustle

Vijaysimha +1 · Published 2024-11-27 · Updated 2024-11-27 · CVE-2024-10580

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress, versions up to and including 7.8.5.
Description: The issue is unauthorized form submission caused by a missing capability check on the submit_form() function. This allows unauthenticated attackers to submit unpublished forms.
Recommendations: For versions up to and including 7.8.5, consider disabling the submit_form() function until a patch is available, to prevent unauthorized form submissions. Update to a version later than 7.8.5 to resolve the issue.

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2024-10580

Affected Products: Hustle