2 matches found
CVE-2024-12201 Hash Form <= 1.2.1 - Missing Authorization to Authenticated (Contributor+) Form Style Creation
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check when creating form styles in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Contributor-level access and above, ...
CVE-2024-12201
CVE-2024-12201 relates to the WordPress plugin Hash Form – Drag & Drop Form Builder . It is described as vulnerable in all versions up to 1.2.1 due to a missing capability check during creation of form styles, enabling authenticated attackers with Contributor-level access and above to create new ...