CVE-2022-1239

CVE-2022-1239: HubSpot < 8.8.15 - Contributor+ Blind SSRF

Vendor Unknown
Product HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics
Weakness CWE-918 · SSRF
Published May 2, 2022
Last update August 2, 2024

CVSS base score

What the vulnerability does

01Description

The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks

Key dates

02Disclosure timeline

May 2, 2022 CVE published
August 2, 2024 Record updated