Hustle – Email Marketing, Lead Generation, Optins, Popups

Vulnerabilities 10Slug wordpress-popupLatest version 7.8.12.1WordPress.org →

Minimum safe version

7.8.11

Update to 7.8.11 or later to address 9 fixable vulnerabilities

Latest available7.8.12.1 Affected up to6.0.5
High 7.5
2026-01-24< 7.8.9.3

Hustle <= 7.8.9.2 - Authenticated (Subscriber+) Arbitrary File Upoload via Module Import

EUVDWordfenceCVE
Medium 5.3
2026-04-08< 7.8.11

Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.10.2 - Missing Authorization to Unauthenticated Conversion Tracking Data Manipulation

EUVDWordfenceCVE
Medium 5.3
2026-02-03< 7.8.9.3

CVE-2026-24998

CVEWordfence
Medium 4.8
2025-05-19< 7.8.5

WordPress Hustle Plugin < 7.8.5 is vulnerable to Cross Site Scripting (XSS)

PatchstackEUVDWordfenceCVE
N/A
2023-04-06< 7.6.6

Hustle <= 7.6.4 = Authenticated (Administrator+) Stored Cross-Site Scripting

Wordfence
High 8.8
2019-06-11< 6.0.8.1

WordPress Hustle – Pop-Ups, Slide-ins and Email Opt-ins plugin <= 6.0.7 - Unauthenticated CSV Injection vulnerability

PatchstackCVEWordfenceWPScan
Medium 5.3
2020-03-17≤ 6.0.5

CVE-2018-18576

CVE