cleantalk
Vulnerabilities and Security Researches

HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics, CVE-2025-11762

CVE, Research URL

CVE-2025-11762

Home page URL

Security reports for HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics

Application

HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics

Published on
Apr 24, 2026
Research Description
The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.32 via the leadin/public/admin/class-adminconstants.php file. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract a list of all installed plugins and their versions which can be leveraged for reconnaissance and further attacks.
Affected versions
max 11.3.33.
Status
vulnerable
Previous vulnerability researches
Kognetiks Chatbot for WordPress (CVE-2025-11256) , Nov 10, 2025
Kognetiks Chatbot for WordPress (CVE-2024-35738) , Jun 10, 2024
Kognetiks Chatbot for WordPress (CVE-2024-4560) , Jun 07, 2024
Kognetiks Chatbot for WordPress (CVE-2024-10530) , Nov 14, 2024
Kognetiks Chatbot for WordPress (CVE-2024-32700) , Jun 07, 2024
New vulnerability
Portfolio & Image Gallery for WordPress | PowerFolio (CVE-2025-57932) , Apr 24, 2026
Bold Page Builder (CVE-2025-7730) , Apr 24, 2026
Flexi – Guest Submit (CVE-2025-9129) , Apr 24, 2026
Maps for WP (CVE-2025-57952) , Apr 24, 2026
Poll Maker – Best WordPress Poll Plugin (CVE-2025-57954) , Apr 24, 2026