cleantalk
Vulnerabilities and Security Researches

Hustle – Email Marketing, Lead Generation, Optins, Popups, CVE-2019-11872

CVE, Research URL

CVE-2019-11872

Home page URL

Security reports for Hustle – Email Marketing, Lead Generation, Optins, Popups

Application

Hustle – Email Marketing, Lead Generation, Optins, Popups

Published on
May 30, 2019
Research Description
The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window. Successful exploitation grants an attacker with a right to execute malicious code on the administrator's computer through Excel functions as the plugin does not sanitize the user's input and allows insertion of any text.
Affected versions
Min -, max 7.6.6.
Status
vulnerable
Previous vulnerability researches
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2024-0368) , Jun 07, 2024
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2019-11872) , Jun 07, 2024
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2018-18576) , Jun 07, 2024
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2024-8492) , Oct 13, 2024
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2024-10579) , Nov 27, 2024
New vulnerability
WordPress Plugin for Google Maps – WP MAPS (CVE-2025-3502) , May 07, 2025
WordPress Plugin for Google Maps – WP MAPS (CVE-2025-3503) , May 07, 2025
Category Widget (CVE-2025-46515) , May 07, 2025
Search Exclude (CVE-2025-2821) , May 07, 2025
IGIT Related Posts With Thumb Image After Posts (CVE-2025-46518) , May 07, 2025