CVE-2026-24559
BaseFortify
Publication date: 2026-01-23
Last updated on: 2026-04-28
Assigner: Patchstack
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | integration_for_contact_form_7_hubspot | up to 1.4.3 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-201 | The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Integration for Contact Form 7 HubSpot plugin (versions up to 1.4.3) allows a malicious actor with subscriber or developer privileges to access sensitive information that should normally be restricted. It is classified as Sensitive Data Exposure under the OWASP Top 10 (A3). Although the severity is low (CVSS score 5.3), it can lead to unauthorized retrieval of embedded sensitive data. [1]
How can this vulnerability impact me?
The vulnerability can lead to exposure of sensitive information to unauthorized users, which may enable further exploitation of other system weaknesses. While the likelihood of exploitation is low, the impact involves potential data breaches and unauthorized data access within the affected plugin environment. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands or network indicators provided for this vulnerability. Detection would likely involve checking the version of the Integration for Contact Form 7 HubSpot plugin installed on your WordPress site to see if it is version 1.4.3 or earlier, as these versions are vulnerable. [1]
What immediate steps should I take to mitigate this vulnerability?
Since no official fix or patched version is currently available, immediate mitigation steps include limiting access to the plugin to trusted users only, monitoring for suspicious activity, and applying any recommended mitigation solutions or security intelligence provided by Patchstack to protect affected installations. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability involves the exposure of sensitive data, which could lead to non-compliance with data protection regulations such as GDPR and HIPAA that require safeguarding sensitive information. Unauthorized access to sensitive data may result in violations of these standards, potentially leading to legal and regulatory consequences. However, specific impacts on compliance are not detailed in the provided resources. [1]