News
HubSpot WordPress Plugin patched a Forgery vulnerability
WPScan and the United States Government National Vulnerability Database published a notice of a vulnerability. This vulnerability got discovered in the HubSpot WordPress plugin. The vulnerability exposed users of the plugin to a Server Side Request Forgery attack.
The security researchers at WPScan published the given report: “The plugin does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks.”
The Open Web Application Security Project(OWASP) is a non-profit and worldwide organization. It works for software security. An SSRF vulnerability. This can result in the exposure of internal services that should not get exposed.OWASP states that in a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality.
This can result in reading or updating internal resources. Additionally, the attacker can supply or modify a URL to which the server will read or submit data.
Be careful selection of URLs; the attacker can read server configuration such as AWS metadata. In addition, it can connect internal services like HTTP-enabled databases. It can also perform post requests towards internal services, which should not get exposed.
The services that should not expose include Cloud server meta-data and Database HTTP interfaces. It also includes Internal REST interfaces and Files.
The HubSpot WordPress plugin is under use by over 200,000 publishers. It provides CRM, live chat, analytics, and email marketing-related capabilities.
However, the changelog documents updated in the software show different data. It shows that the HubSpot WordPress plugin received additional updates to fix other vulnerabilities. The security firm WPScan and the National Vulnerability Database state that the vulnerability was in version 8.8.15.
On the other hand, the HubSpot plugin changelog suggests that there were security fixes till version 8.9.20. Therefore, it is better to update the HubSpot plugin to at least version 8.9.20. However, the latest version of the HubSpot WordPress plugin is version 8.11.0.
Apple rumored to introduce iPhone 17 ‘Slim’ with a single camera
Amazon indicates employees unhappy with return-to-office mandate can quit
Apple sets its sight to dominate the Smart Home Market
ChatGPT rolls out SearchGPT on iOS in the US with real-time search function
Apple iPhone 16 series sales as per expectation so far: Ming-Chi Kuo
Google tests new verification checkmarks to combat scam websites
Apple looks set to unveil new Mac Mini and iPad Mini This October
-
Domains5 years ago8 best domain flipping platforms
-
Business4 years ago8 Best Digital Marketing Books to Read in 2020
-
How To's5 years agoHow to submit your website’s sitemap to Google Search Console
-
How To's5 years agoHow to register for Amazon Affiliate program
-
Domains4 years agoNew 18 end user domain name sales have taken place
-
Business4 years agoBest Work From Home Business Ideas
-
How To's4 years ago3 Best Strategies to Increase Your Profits With Google Ads
-
Domains4 years agoCrypto companies continue their venture to buy domains