Unauthorized Data Modification in LLM Hubspot Blog Import Plugin for WordPress
CVE-2025-11257
4.3MEDIUM
What is CVE-2025-11257?
The LLM Hubspot Blog Import plugin for WordPress contains a security flaw that allows authenticated users with Subscriber-level permissions and above to exploit a missing capability check on the 'process_save_blogs' AJAX endpoint. This exploit enables attackers to import all Hubspot data, potentially leading to unauthorized data manipulation and exposure. It is crucial for users to update to the latest version and ensure robust access controls are in place to mitigate these risks.
Affected Version(s)
LLM Hubspot Blog Import 0 <= 1.0.1