WordPress Integration for Contact Form 7 HubSpot Plugin <= 1.2.8 is vulnerable to Open Redirection
CVE-2023-31095

4.7MEDIUM

Key Information:

Vendor

WordPress
Status
Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms
Vendor
CVE Published:
29 December 2023

What is CVE-2023-31095?

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.8.

Affected Version(s)

Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.2.8

References

https://patchstack.com/database/vulnerability/cf7-hubspot...
vdb-entry

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Le Ngoc Anh (Patchstack Alliance)
.
CVE-2023-31095 : WordPress Integration for Contact Form 7 HubSpot Plugin <= 1.2.8 is vulnerable to Open Redirection