CVE Vulnerability Details: CVE-2024-10580
PUBLISHED
Assigner: Wordfence
Assigner Org ID: b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At: 27 Nov, 2024 | 06:41
Updated At: 27 Nov, 2024 | 14:40
CVE Numbering Authority (CNA)
Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.5 - Missing Authorization to Unauthorized Form Submission

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized form submissions due to a missing capability check on the submit_form() function in all versions up to, and including, 7.8.5. This makes it possible for unauthenticated attackers to submit unpublished forms.

Affected Products
Vendor: Incsub, LLC; wpmudev
Product: Hustle – Email Marketing, Lead Generation, Optins, Popups
Default Status: unaffected
Versions
Affected
  • From * through 7.8.5 (semver)
Problem Types
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Credits
finder: Vijaysimha Reddy
Timeline
Event: Disclosed
Date: 2024-11-26 00:00:00
References
  • https://www.wordfence.com/threat-intel/vulnerabilities/id/3b2f8726-c4c4-4ed6-aa8d-4412cf5be061?source=cve
  • https://plugins.trac.wordpress.org/browser/wordpress-popup/tags/7.8.5/inc/front/hustle-module-front-ajax.php#L251
  • https://plugins.trac.wordpress.org/changeset/3196639/wordpress-popup/tags/7.8.6/inc/front/hustle-module-front-ajax.php
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor: Incsub, LLC; wpmudev
Product: hustle
CPEs
  • cpe:2.3:a:wpmudev:hustle:*:*:*:*:*:*:*:*
Default Status: unaffected
Versions
Affected
  • From 0 through 7.8.5 (semver)