MWB HubSpot for WooCommerce Privilege Escalation Vulnerability

Vulnerability

Versions of the MWB HubSpot for WooCommerce plugin through 1.5.9 allow authenticated users with Contributor-level access and above to bypass authorization checks and modify arbitrary data. This could lead to privilege escalation: such a user can change the default role of new users to administrator, potentially gaining full administrative access on the site.

Impact

Exploitation of this vulnerability could allow an authenticated user to gain administrative privileges on the WordPress site.

Remediation

Users are advised to update the MWB HubSpot for WooCommerce plugin to version 1.6.0 or later.
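
A site-side check for the remediation above, as an added example that is not part of the advisory or the plugin: it compares the installed plugin version with the fixed release and inspects the default role setting the advisory says can be changed. It assumes WP-CLI is installed; the plugin slug is passed as an argument because the advisory does not state it, and the result labels (ok, review, alert) are this example's own.

```shell
#!/bin/sh
# Added example: audit a site for the condition this advisory describes.
FIXED_VERSION="1.6.0"   # first fixed release, per the advisory

# True (exit 0) when version $1 is older than FIXED_VERSION.
# sort -V compares dotted versions numerically, so 1.10.0 sorts after 1.6.0.
is_affected_version() {
    [ "$1" = "$FIXED_VERSION" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$1" ]
}

# Classify the WordPress options behind the advisory's impact.
# $1 = default_role, $2 = users_can_register (1 means anyone can sign up).
assess_default_role() {
    case "$1" in
        administrator)
            if [ "$2" = "1" ]; then echo "alert-open-registration"
            else echo "alert"; fi ;;
        subscriber) echo "ok" ;;      # WordPress default
        *) echo "review" ;;           # changed from the default; confirm it is intended
    esac
}

# $1 = plugin slug (assumption: read it from `wp plugin list`; the advisory does not give it).
audit_site() {
    ver=$(wp plugin get "$1" --field=version) || return 2
    role=$(wp option get default_role)
    reg=$(wp option get users_can_register)
    if is_affected_version "$ver"; then
        echo "plugin $1 $ver: affected, update to $FIXED_VERSION or later"
    else
        echo "plugin $1 $ver: not affected"
    fi
    echo "default_role=$role users_can_register=$reg: $(assess_default_role "$role" "$reg")"
    # List administrators with registration dates to spot unexpected accounts.
    wp user list --role=administrator --fields=user_login,user_email,user_registered
}

# Live run only when a slug is passed and WP-CLI is installed: sh audit.sh <plugin-slug>
if [ -n "${1:-}" ] && command -v wp >/dev/null 2>&1; then
    audit_site "$1"
fi
```

Updating the plugin does not revert a default role that was already changed, so the option and the administrator list are worth reviewing even on a patched site.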

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 5.0
exploitability: 6.1
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.