CVE-2022-1239

8.8 HIGH

📋 TL;DR

The HubSpot WordPress plugin before version 8.8.15 contains a Server-Side Request Forgery (SSRF) vulnerability. It allows users with edit_posts capability (contributors and above by default) to make unauthorized requests to internal systems via an unvalidated proxy URL endpoint. This affects WordPress sites using vulnerable versions of the HubSpot plugin.

💻 Affected Systems

Products:
  • HubSpot WordPress plugin
Versions: All versions before 8.8.15
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user with edit_posts capability (contributor role or higher by default).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access internal services, scan internal networks, interact with cloud metadata services, or pivot to other systems, potentially leading to data exfiltration or further compromise.

🟠 Likely Case

Internal network scanning, accessing internal APIs or services, and potentially retrieving sensitive information from internal systems.

🟢 If Mitigated

Limited to testing connectivity to internal services if proper network segmentation and access controls are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires contributor-level access or higher. Public proof-of-concept exists in vulnerability databases.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.8.15 and later

Vendor Advisory: https://wpscan.com/vulnerability/4ad2bb96-87a4-4590-a058-b03b33d2fcee

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the HubSpot plugin and click 'Update Now'.
4. Verify the version is 8.8.15 or higher.

🔧 Temporary Workarounds

Restrict user capabilities

Applies to: all

Remove the edit_posts capability from contributors, or limit plugin access to administrators only.

How: use a WordPress role management plugin or custom code to modify capabilities.

Disable proxy endpoint

Applies to: all

Block access to the vulnerable REST endpoint via a web application firewall or .htaccess rules.

How: add a rewrite rule that blocks the /wp-json/hubspot/v1/proxy endpoint.

🧯 If You Can't Patch

  • Implement network segmentation to restrict outbound connections from web servers
  • Deploy web application firewall with SSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for HubSpot version below 8.8.15.

Check Version:

wp plugin list --name=hubspot --field=version

Verify Fix Applied:

Confirm HubSpot plugin version is 8.8.15 or higher in WordPress admin.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from web server to internal IPs
  • Requests to /wp-json/hubspot/v1/proxy with unusual URLs

Network Indicators:

  • Web server making requests to internal services, cloud metadata endpoints, or unusual ports

SIEM Query:

source="web_server" AND (uri_path="/wp-json/hubspot/v1/proxy" OR user_agent CONTAINS "HubSpot") AND dest_ip IN (RFC1918, cloud_metadata_ips)
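The log indicators above (requests to the proxy endpoint carrying URLs that point at RFC1918, loopback or cloud-metadata addresses) can be checked offline against web-server access logs. The following is an added detection example, not code from the page or from HubSpot: the log lines are constructed, the `url=` parameter name in them is an assumption (the script inspects every query value, so it does not depend on that name), and hostnames are not resolved, so only IP-literal destinations are flagged.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

PROXY_PATH = "/wp-json/hubspot/v1/proxy"

# Request line of an Apache/nginx combined-format access log.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (not real traffic); parameter name is assumed.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Apr/2022:12:00:01 +0000] "GET /wp-json/hubspot/v1/proxy?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F HTTP/1.1" 200 512
10.0.0.6 - - [10/Apr/2022:12:00:02 +0000] "GET /wp-json/hubspot/v1/proxy?url=https%3A%2F%2Fapi.hubapi.com%2Fcontacts HTTP/1.1" 200 1024
10.0.0.7 - - [10/Apr/2022:12:00:03 +0000] "GET /wp-json/hubspot/v1/proxy?url=http%3A%2F%2F10.0.0.1%3A8080%2Fadmin HTTP/1.1" 200 300
10.0.0.8 - - [10/Apr/2022:12:00:04 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 2048
"""


def is_internal_host(host):
    """True for 'localhost' or a private/loopback/link-local/reserved IP literal.
    DNS names are not resolved (offline check), so they are never flagged here."""
    if host is None:
        return False
    if host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved


def find_suspicious_proxy_requests(log_text):
    """Return (client, timestamp, target_url) for each request to the proxy
    endpoint whose query string carries a URL aimed at an internal address."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path, _, query = m.group("target").partition("?")
        if path != PROXY_PATH:
            continue
        # parse_qs percent-decodes values; inspect every parameter, not just one name.
        for values in parse_qs(query).values():
            for value in values:
                parsed = urlsplit(value)
                if parsed.netloc and is_internal_host(parsed.hostname):
                    hits.append((m.group("client"), m.group("ts"), value))
    return hits


if __name__ == "__main__":
    for client, ts, target in find_suspicious_proxy_requests(SAMPLE_LOG):
        print(f"{ts} {client} -> {target}")
```

Two of the four constructed lines are flagged (the metadata-service and the 10.0.0.1 destinations); the request to api.hubapi.com is ordinary plugin traffic and is left alone.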
