cleantalk
Vulnerabilities and Security Researches

LLM Hubspot Blog Import, CVE-2025-11257

CVE, Research URL

CVE-2025-11257

Home page URL

Security reports for LLM Hubspot Blog Import

Application

LLM Hubspot Blog Import

Published on
Oct 24, 2025
Research Description
The LLM Hubspot Blog Import plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_save_blogs' AJAX endpoint in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger an import of all Hubspot data.
Affected versions
max 1.0.1.
Status
vulnerable
Previous vulnerability researches
WP Gravity Forms Zoho CRM and Bigin (CVE-2025-62981) , Nov 10, 2025
WP Gravity Forms Zoho CRM and Bigin (56cb8480-1791-4990-8fc7-2cb98a10c207) , Jun 07, 2024
New vulnerability
Premmerce Wholesale Pricing for WooCommerce (CVE-2025-64285) , Nov 11, 2025
Premmerce Wholesale Pricing for WooCommerce (CVE-2025-60192) , Nov 11, 2025
Footnotes Made Easy (CVE-2025-11733) , Nov 11, 2025
CoSchedule (CVE-2025-49913) , Nov 11, 2025
Simple Finance Calculator (CVE-2025-60246) , Nov 11, 2025