CVE-2024-8492

Published May 15, 2025

Last updated 10 months ago

CVSS medium 4.8

Overview

Description: The Hustle WordPress plugin through 7.8.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Source: contact@wpscan.com
NVD status: Analyzed
Products: hustle

Risk scores

CVSS 3.1

Type: Secondary
Base score: 4.8
Impact score: 2.7
Exploitability score: 1.7
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

CVE-2024-8492 The Hustle WordPress plugin through 7.8.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Si… https://t.co/DiUHswVU1y
@CVEnew
15 May 2025
239 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wpmudev:hustle:*:*:*:*:*:wordpress:*:*",
            "matchCriteriaId": "B467285B-2ADB-463B-9698-866F75672AB9",
            "versionEndExcluding": "7.8.5",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII.•CVE-2024-0368

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References