cleantalk
Vulnerabilities and Security Researches

Hustle – Email Marketing, Lead Generation, Optins, Popups, CVE-2019-11872

CVE, Research URL

CVE-2019-11872

Home page URL

Security reports for Hustle – Email Marketing, Lead Generation, Optins, Popups

Application

Hustle – Email Marketing, Lead Generation, Optins, Popups

Published on
May 30, 2019
Research Description
The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window. Successful exploitation grants an attacker with a right to execute malicious code on the administrator's computer through Excel functions as the plugin does not sanitize the user's input and allows insertion of any text.
Affected versions
max 7.6.6.
Status
vulnerable
Previous vulnerability researches
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2024-0368) , Jun 07, 2024
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2019-11872) , Jun 07, 2024
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2018-18576) , Jun 07, 2024
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2024-8492) , Oct 13, 2024
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2024-10579) , Nov 27, 2024
New vulnerability
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs – Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025