Vulnerabilities and security researches forllm-hubspot-blog-import llm-hubspot-blog-import

Nov 11, 2025

CVE, Research URL: CVE-2025-11257
Home page URL: Security reports for LLM Hubspot Blog Import
Application: LLM Hubspot Blog Import
Date: Oct 24, 2025
Research Description: The LLM Hubspot Blog Import plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_save_blogs' AJAX endpoint in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger an import of all Hubspot data.
Affected versions: max 1.0.1.
Status: vulnerable