{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T08:37:34.435","vulnerabilities":[{"cve":{"id":"CVE-2024-7389","sourceIdentifier":"security@wordfence.com","published":"2024-08-02T05:15:51.510","lastModified":"2025-02-05T14:59:01.993","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hubspot-wp-api.php. This makes it possible for unauthenticated attackers to extract the HubSpot integration developer API key and make unauthorized changes to the plugin's HubSpot integration or expose personally identifiable information from plugin users using the HubSpot integration."},{"lang":"es","value":" El complemento Forminator para WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 1.29.1 incluida a través de class-forminator-addon-hubspot-wp-api.php. Esto hace posible que atacantes no autenticados extraigan la clave API del desarrollador de integración de HubSpot y realicen cambios no autorizados en la integración de HubSpot del complemento o expongan información de identificación personal de los usuarios del complemento que utilizan la integración de HubSpot."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-522"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:incsub:forminator:*:*:*:*:free:wordpress:*:*","versionEndExcluding":"1.29.2","matchCriteriaId":"8F0D5A35-0E3D-4774-82CD-2C91E59470C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:incsub:forminator:*:*:*:*:pro:wordpress:*:*","versionEndExcluding":"1.29.2","matchCriteriaId":"C9EB0ECB-1B39-40FF-A85E-17AB10FDE719"}]}]}],"references":[{"url":"https://developers.hubspot.com/docs/api/webhooks#manage-settings-via-api","source":"security@wordfence.com","tags":["Related"]},{"url":"https://developers.hubspot.com/docs/api/webhooks#scopes","source":"security@wordfence.com","tags":["Related"]},{"url":"https://plugins.trac.wordpress.org/changeset/3047085/forminator/trunk/addons/pro/hubspot/lib/class-forminator-addon-hubspot-wp-api.php","source":"security@wordfence.com","tags":["Patch"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0d04b822-a48a-485e-b9b5-f5a213307c71?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]},{"url":"https://www.vicarius.io/vsociety/posts/source-code-dive-to-hunt-for-secrets-in-forminator-code-cve-2024-7389","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}