CVE-2024-0368

HIGH

Hustle - Email Marketing - Info Disclosure

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-0368. PoCs published by RandomRobbieBF.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2024-0368, which involves hardcoded HubSpot API credentials in the Hustle WordPress plugin. It includes vulnerability details, root cause analysis, and a Python script to test the exposed credentials.

Description

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII.

Exploits (1)

nomisec WRITEUP 1 stars
by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2024-0368

Classification: Writeup 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Hustle WordPress Plugin <= 7.8.3
No auth needed
Prerequisites: Access to the vulnerable plugin's source code
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 8.6
EPSS 0.0079
EPSS Percentile 51.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE CWE-522
Status published
Products (2)
wpmudev/hustle < 7.8.4
wpmudev/Hustle – Email Marketing, Lead Generation, Optins, Popups < 7.8.3
Published Mar 13, 2024
Tracked Since Feb 18, 2026