cleantalk
Vulnerabilities and Security Researches

HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics, CVE-2022-1239

CVE, Research URL

CVE-2022-1239

Home page URL

Security reports for HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics

Application

HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics

Published on
May 02, 2022
Research Description
The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks
Affected versions
max 8.8.15.
Status
vulnerable
Previous vulnerability researches
Leadinfo (CVE-2025-48271) , Jun 04, 2025
Leadinfo (CVE-2024-32112) , Jun 07, 2024
HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics (CVE-2022-1239) , Jun 07, 2024
HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics (CVE-2025-11762) , Apr 24, 2026
HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics (CVE-2024-5879) , Aug 30, 2024
New vulnerability
Portfolio & Image Gallery for WordPress | PowerFolio (CVE-2025-57932) , Apr 24, 2026
Bold Page Builder (CVE-2025-7730) , Apr 24, 2026
Flexi – Guest Submit (CVE-2025-9129) , Apr 24, 2026
Maps for WP (CVE-2025-57952) , Apr 24, 2026
Poll Maker – Best WordPress Poll Plugin (CVE-2025-57954) , Apr 24, 2026