{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11257", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-03T12:21:46.347Z", "datePublished": "2025-10-24T08:24:00.500Z", "dateUpdated": "2026-04-08T16:58:24.393Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:58:24.393Z"}, "affected": [{"vendor": "limelightmarketing", "product": "LLM Hubspot Blog Import", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The LLM Hubspot Blog Import plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_save_blogs' AJAX endpoint in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger an import of all Hubspot data."}], "title": "LLM Hubspot Blog Import <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Hubspot Import", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/682ec57a-f67c-40a9-91cd-2a11159ff695?source=cve"}, {"url": "https://wordpress.org/plugins/llm-hubspot-blog-import/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Jonas Benjamin Friedli"}], "timeline": [{"time": "2025-10-23T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-24T12:10:47.066290Z", "id": "CVE-2025-11257", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-24T12:30:47.803Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11257", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-24T12:10:47.066290Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-24T12:10:47.801Z"}}], "cna": {"title": "LLM Hubspot Blog Import <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Hubspot Import", "credits": [{"lang": "en", "type": "finder", "value": "Jonas Benjamin Friedli"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "limelightmarketing", "product": "LLM Hubspot Blog Import", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-23T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/682ec57a-f67c-40a9-91cd-2a11159ff695?source=cve"}, {"url": "https://wordpress.org/plugins/llm-hubspot-blog-import/"}], "descriptions": [{"lang": "en", "value": "The LLM Hubspot Blog Import plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_save_blogs' AJAX endpoint in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger an import of all Hubspot data."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:58:24.393Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11257", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:58:24.393Z", "dateReserved": "2025-10-03T12:21:46.347Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-10-24T08:24:00.500Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The LLM Hubspot Blog Import plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_save_blogs' AJAX endpoint in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger an import of all Hubspot data."}], "id": "CVE-2025-11257", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-10-24T09:15:42.680", "references": [{"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/llm-hubspot-blog-import/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/682ec57a-f67c-40a9-91cd-2a11159ff695?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T14:03:38.217337+00:00", "value": {"mitigation_remediation": ["Update the LLM Hubspot Blog Import plugin to the latest version available from the vendor to ensure the missing capability check is implemented.", "If an update is not immediately feasible, deactivate or uninstall the plugin to prevent unauthorized import attempts.", "Restrict Subscriber roles from accessing the site's AJAX endpoints by modifying role capabilities or using a security plugin to enforce stricter access control."], "summary": {"action": "Patch", "impact": "Unauthorized data modification via missing capability check"}, "threat_synthesis": {"affected_systems": "Affected systems are WordPress installations that have the Limelightmarketing LLM Hubspot Blog Import plugin installed at versions 1.0.1 or earlier. The issue applies to all WordPress environments that use the plugin and where subscribers are granted the ability to interact with the AJAX endpoint. The plugin is identified by the vendor Limelightmarketing and the product LLM Hubspot Blog Import.", "description_and_impact": "The LLM Hubspot Blog Import plugin for WordPress contains a missing capability check on the 'process_save_blogs' AJAX endpoint in all releases up to and including 1.0.1. As a result, any authenticated user with the Subscriber role or higher can invoke the endpoint and trigger the import of all Hubspot data. This flaw allows attackers to alter blog content, potentially deleting or modifying posts, without proper authorization.", "risk_and_exploitability": "The CVSS score of 4.3 indicates moderate severity, and the EPSS score of less than 1% suggests a low likelihood of exploitation. Although the flaw does not enable remote code execution, the impact on data integrity is significant because any logged\u2011in user can trigger a full re\u2011import and overwrite existing blog content. The vulnerability is not listed in CISA's KEV catalog, further indicating the exploit community has not widely leveraged this flaw yet. Prior to a patch, an attacker only needs a valid authenticated session with Subscriber level or higher; no special network exposure is required."}}}}, "created": "2025-10-27T22:13:20.618942+00:00", "updated": "2026-04-22T14:15:20.397052+00:00", "vendors": ["limelightmarketing", "limelightmarketing$PRODUCT$llm_hubspot_blog_import", "wordpress", "wordpress$PRODUCT$wordpress"]}