Lucene search

CVE-2024-5085

🗓️ 23 May 2024 15:16:15Reported by [email protected]Type

The Hash Form plugin for WordPress (up to v1.1.0) allows unauthenticated attackers to perform PHP Object Injection via 'process_entry' function, potentially leading to file deletion, data retrieval, or code execution

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 7
Vulnrichment	CVE-2024-5085 Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated PHP Object Injection	23 May 202414:31	–	vulnrichment
CVE	CVE-2024-5085	23 May 202415:15	–	cve
WPVulnDB	Hash Form – Drag & Drop Form Builder < 1.1.1 - Unauthenticated PHP Object Injection	23 May 202400:00	–	wpvulndb
Patchstack	WordPress Hash Form Plugin <= 1.1.0 is vulnerable to PHP Object Injection	24 May 202400:00	–	patchstack
RedhatCVE	CVE-2024-5085	5 Feb 202506:21	–	redhatcve
Cvelist	CVE-2024-5085 Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated PHP Object Injection	23 May 202414:31	–	cvelist
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024)	30 May 202415:23	–	wordfence

Nvd

Node

hashthemes hash_formRange<1.1.1wordpress

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/0166a2b2-24e2-4dd6-8842-d3e8dd7bb0dc
plugins	www.plugins.trac.wordpress.org/browser/hash-form/trunk/admin/classes/HashFormEntry.php
plugins	www.plugins.trac.wordpress.org/changeset/3090341/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

23 May 2024 15:15Current

8.3High risk

Vulners AI Score8.3

CVSS38.1 - 9.8

EPSS0.10006

CWE-502