MEDIUM
hubspotdev
CVE published 2026-07-17
CVE-2026-9656
The HubSpot All-In-One Marketing – Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure, allowing authenticated attackers with contributor-level access to extract the site's plaintext HubSpot OAuth refresh token. This token can be used to access or modify data in the connected HubSpot tenant. The vulnerability affects all versions up to, and including, 11.3.62. The [truncated]