Wpmudev Hustle
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Wpmudev Hustle.
By the Year
In 2026 there have been 2 vulnerabilities in Wpmudev Hustle with an average score of 6.4 out of ten. Last year, in 2025 Hustle had 1 security vulnerability published. That is, 1 more vulnerability have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 6.40 |
| 2025 | 1 | 0.00 |
| 2024 | 3 | 6.07 |
It may take a day or so for new Hustle vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Wpmudev Hustle Security Vulnerabilities
The Hustle WP Plugin 7.x: Auth-Breach via hustle_module_converted AJAX
CVE-2026-2263
5.3 - Medium
- April 07, 2026
The Hustle Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hustle_module_converted' AJAX action in all versions up to, and including, 7.8.10.2. This makes it possible for unauthenticated attackers to forge conversion tracking events for any Hustle module, including draft modules that are never displayed to users, thereby manipulating marketing analytics and conversion statistics.
AuthZ
Hustle WP plugin ARFU v7.8.9.2 (7.8.9.2)
CVE-2026-0911
7.5 - High
- January 24, 2026
The Hustle Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the action_import_module() function in all versions up to, and including, 7.8.9.2. This makes it possible for authenticated attackers, with a lower-privileged role (e.g., Subscriber-level access and above), to upload arbitrary files on the affected site's server which may make remote code execution possible. Successful exploitation requires an admin to grant Hustle module permissions (or module edit access) to the low-privileged user so they can access the Hustle admin page and obtain the required nonce.
Unrestricted File Upload
"The Hustle" WP Plugin XSS via Unescaped Settings (<7.8.5)
CVE-2024-8492
- May 15, 2025
The Hustle WordPress plugin through 7.8.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
XSS
WordPress Plugin 'Hustle' Unauthorized Form Submission Vulnerability
CVE-2024-10580
5.3 - Medium
- November 27, 2024
The Hustle Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized form submissions due to a missing capability check on the submit_form() function in all versions up to, and including, 7.8.5. This makes it possible for unauthenticated attackers to submit unpublished forms.
AuthZ
Unauthorized Form View in The Hustle WP Plugin <=7.8.5
CVE-2024-10579
4.3 - Medium
- November 26, 2024
The Hustle Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the preview_module() function in all versions up to, and including, 7.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view unpublished forms.
AuthZ
The Hustle WP Plugin <=7.8.3 Sensitive Info Exposure via Hardcoded API Keys
CVE-2024-0368
8.6 - High
- March 13, 2024
The Hustle Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII.
Insufficiently Protected Credentials
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Wpmudev Hustle or by Wpmudev? Click the Watch button to subscribe.
