7 matches found

Patchstack
added 2024/12/12 5:48 p.m., 2 views

WordPress Hash Form plugin <= 1.2.1 - Missing Authorization to Authenticated (Contributor+) Form Style Creation vulnerability

Missing Authorization to Authenticated (Contributor+) Form Style Creation vulnerability discovered by Noah Stead TurtleBurg in WordPress Plugin Hash Form versions <= 1.2.1...

CVSS 4.3, AI score 7, EPSS 0.00205
Exploits 0, References 1, Affected Software 1

Patchstack
added 2024/10/07 12:35 a.m., 3 views

WordPress Hash Form plugin <= 1.1.9 - Unauthenticated Limited File Upload vulnerability

Unauthenticated Limited File Upload vulnerability discovered by Rein Daelman trein in WordPress Plugin Hash Form versions <= 1.1.9...

CVSS 6.1, AI score 7, EPSS 0.00398
Exploits 0, References 1, Affected Software 1

Patchstack
added 2024/10/07 12:0 a.m., 13 views

WordPress Hash Form Plugin <= 1.1.9 is vulnerable to Arbitrary File Upload

Software: Hash Form; Type: Plugin; Vulnerable versions: <= 1.1.9; Fixed in: 1.2.0; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-9417; Patch priority: High; CVSS severity: High 6.1; PSID: 599a3ecad6e0; Credits: Rein Daelman trein; Required privilege...

CVSS 6.1, AI score 6.9, EPSS 0.00398
Exploits 0, References 3, Affected Software 1

Rapid7 Blog
added 2024/06/07 5:23 p.m., 32 views

Metasploit Weekly Wrap-Up 06/07/2024

New OSX payloads: ARMed and Dangerous. In addition to an RCE leveraging CVE-2024-5084 to gain RCE through a WordPress Hash form, this release features the addition of several new binary OSX stageless payloads with aarch64 support: Execute Command, Shell Bind TCP, and Shell Reverse TCP. The new...

CVSS 9.8, AI score 10, EPSS 0.9323
Exploits 8

Patchstack
added 2024/05/24 5:53 a.m., 5 views

WordPress Hash Form – Drag & Drop Form Builder plugin <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution vulnerability

Unauthenticated Arbitrary File Upload to Remote Code Execution vulnerability discovered by Francesco Carlucci in WordPress Plugin Hash Form versions <= 1.1.0...

CVSS 9.8, AI score 7.5, EPSS 0.9323
Exploits 8, References 1, Affected Software 1

Patchstack
added 2024/05/24 12:0 a.m., 9 views

WordPress Hash Form Plugin <= 1.1.0 is vulnerable to PHP Object Injection

Software: Hash Form; Type: Plugin; Vulnerable versions: <= 1.1.0; Fixed in: 1.1.1; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-5085; Patch priority: Medium; CVSS severity: Medium 5.4; PSID: 96e7546828a2; Credits: Francesco Carlucci; Required privilege...

CVSS 9.8, AI score 6.8, EPSS 0.0441
Exploits 0, References 3, Affected Software 1

Patchstack
added 2024/05/24 12:0 a.m., 20 views

WordPress Hash Form Plugin <= 1.1.0 is vulnerable to Remote Code Execution (RCE)

Software: Hash Form; Type: Plugin; Vulnerable versions: <= 1.1.0; Fixed in: 1.1.1; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2024-5084; Patch priority: High; CVSS severity: High 10; PSID: da300dc670df; Credits: Francesco Carlucci; Required privilege...

CVSS 9.8, AI score 7.1, EPSS 0.9323
Exploits 8, References 3, Affected Software 1