cleantalk
Vulnerabilities and Security Researches

HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics, CVE-2025-11762

CVE, Research URL

CVE-2025-11762

Home page URL

Security reports for HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics

Application

HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics

Published on
Apr 24, 2026
Research Description
The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.32 via the leadin/public/admin/class-adminconstants.php file. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract a list of all installed plugins and their versions which can be leveraged for reconnaissance and further attacks.
Affected versions
max 11.3.33.
Status
vulnerable
Previous vulnerability researches
Publitio (CVE-2025-62947) , Nov 11, 2025
Publitio (CVE-2025-58962) , Apr 24, 2026
Publitio (CVE-2025-31799) , Apr 04, 2025
Publitio (CVE-2025-31798) , Apr 04, 2025
New vulnerability
TZ Plus Gallery (CVE-2025-57974) , Apr 24, 2026
User Meta – User Profile Builder and User management plugin (CVE-2025-9693) , Apr 24, 2026
Gutenberg Blocks – PublishPress Blocks Gutenberg Editor Plugin (CVE-2025-8588) , Apr 24, 2026
WooCommerce Affiliate Plugin – Coupon Affiliates (CVE-2025-59567) , Apr 24, 2026
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) (CVE-2025-8388) , Apr 24, 2026