CVE-2024-10580
Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.5 - Missing Authorization to Unauthorized Form SubmissionThe Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized form submissions due to a missing capability check on the submit_form() function in all versions up to, and including, 7.8.5. This makes it possible for unauthenticated attackers to submit unpublished forms.
We have discovered 6,891 live websites that are affected by CVE-2024-10580.
Affected Software
| Product |  Hustle |
| Category | Wordpress Plugins |
| Vulnerable Domains | 6,891 live websites (53.68% of Hustle install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 57 versions ( 98.28% of all versions) |
Common Weakness Enumeration
CWE-862 Missing AuthorizationDetails
- Published - Nov 27, 2024
- Updated - Nov 27, 2024
Credits
- Vijaysimha Reddy (finder)
CWE
CVE References
CWE References
CVE-2024-10580 usage by Country
 United States | 2,983 websites |
 Germany | 647 websites |
 France | 501 websites |
 GB | 285 websites |
 Cyprus | 187 websites |
 Poland | 166 websites |
 Netherlands | 162 websites |
 Italy | 148 websites |
 Spain | 130 websites |
 South Africa | 100 websites |
CVE-2024-10580 usage by TLD
| .com | 3,465 websites |
| .org | 309 websites |
| .co.uk | 220 websites |
| .de | 203 websites |
| .fr | 159 websites |
| .nl | 155 websites |
| .it | 147 websites |
| .pl | 137 websites |
| .com.au | 134 websites |
| .net | 132 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-10580
Top websites that are affected by CVE-2024-10580. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***************.org |  Israel | **,*** | |
| *******.com | United States | **,*** | |
| ***************.org | United States | **,*** | |
| ***************.********.***.es | Spain | **,*** | |
| ********.com | United States | **,*** | |
| *****************.com | United States | **,*** | |
| ***************.de | United States | **,*** | |
| *******.com | United States | ***,*** | |
| ********.com |  Indonesia | ***,*** | |
| *******************.com | United States | ***,*** |
FAQ
CVE-2024-10580 is Missing Authorization in Hustle
A total of 6,891 websites have been identified as vulnerable to CVE-2024-10580, discovered through global website indexing conducted by WebTechSurvey.
Hustle is susceptible to CVE-2024-10580 vulnerability.
Hustle versions before, and including, 7.8.5 are vulnerable to CVE-2024-10580.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/3b2f8726-c4c4-4ed6-aa8d-4412cf5be061?source=cve
- https://plugins.trac.wordpress.org/browser/wordpress-popup/tags/7.8.5/inc/front/hustle-module-front-ajax.php#L251
- https://plugins.trac.wordpress.org/changeset/3196639/wordpress-popup/tags/7.8.6/inc/front/hustle-module-front-ajax.php