CVE-2025-11762

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

4.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N                                    

Vulnerability Description

The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.32 via the leadin/public/admin/class-adminconstants.php file. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract a list of all installed plugins and their versions which can be leveraged for reconnaissance and further attacks.

Vulnerability Details

Published Date

April 24, 2026

Last Modified

April 24, 2026

CWE ID

CWE-862

Source

NVD

Vendor

hubspotdev

Product

HubSpot All-In-One Marketing – Forms, Popups, Live Chat

External References

https://plugins.trac.wordpress.org/browser/leadin/tags/11.3.33/public/admin/class-adminconstants.php
https://research.cleantalk.org/CVE-2025-11762
https://www.wordfence.com/threat-intel/vulnerabilities/id/2a8c62e6-f459-433a-b0c4-c79285ea7fe9?source=cve

CVE-2025-11762

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment