The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks
https://wpscan.com/vulnerability/4ad2bb96-87a4-4590-a058-b03b33d2fcee