Lucene search
K

9 matches found

GithubExploit
GithubExploit
β€’added 2024/11/30 9:15 a.m.β€’268 views

Exploit for Unrestricted Upload of File with Dangerous Type in Hashthemes Hash_Form

Hash Form 9.9.1 file upload vulnerability Exploit The Hash...

9.8CVSS9.8AI score0.50934EPSS
Exploits8
Rapid7 Blog
Rapid7 Blog
β€’added 2024/06/07 5:23 p.m.β€’35 views

Metasploit Weekly Wrap-Up 06/07/2024

New OSX payloads:ARMed and Dangerous In addition to an RCE leveraging CVE-2024-5084 to gain RCE through a WordPress Hash form, this release features the addition of several new binary OSX stageless payloads with aarch64 support: Execute Command, Shell Bind TCP, and Shell Reverse TCP. The new...

9.8CVSS10AI score0.50934EPSS
Exploits8
Circl
Circl
β€’added 2024/06/05 8:42 a.m.β€’13 views

CVE-2024-5084

creationtimestamp| type| source ---|---|--- 2024-06-05 08:42:42+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wphashformrce.rb 2024-07-03 04:29:30+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/7843 2024-09-17 21:29:50+00:00|...

9.8CVSS8.6AI score0.50934EPSS
Exploits8References4
0day.today
0day.today
β€’added 2024/06/05 12:0 a.m.β€’469 views

WordPress Hash Form Plugin Remote Code Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Hash Form Plugin RCE', 'Description' = %q The Hash Form – Drag & Drop Form Builder plugin for WordPress suffers from a critical...

9.8CVSS7AI score0.50934EPSS
Exploits8
GithubExploit
GithubExploit
β€’added 2024/05/25 3:49 a.m.β€’346 views

Exploit for Unrestricted Upload of File with Dangerous Type in Hashthemes Hash_Form

Wordpress Hash Form – Drag & Drop Form Builder = 1.1.0 - Unau...

9.8CVSS10AI score0.50934EPSS
Exploits19
Patchstack
Patchstack
β€’added 2024/05/24 12:0 a.m.β€’26 views

WordPress Hash Form Plugin <= 1.1.0 is vulnerable to Remote Code Execution (RCE)

Software Hash Form Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2024-5084 Patch priority High CVSS severity High 10 Developer Claim ownership PSID da300dc670df Credits Francesco Carlucci Required privilege...

9.8CVSS7.1AI score0.50934EPSS
Exploits8References3Affected Software1
NVD
NVD
β€’added 2024/05/23 3:15 p.m.β€’23 views

CVE-2024-5084

The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fileuploadaction' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files ...

9.8CVSS9.9AI score0.50934EPSS
Exploits8References3
Cvelist
Cvelist
β€’added 2024/05/23 2:31 p.m.β€’51 views

CVE-2024-5084 Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution

The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fileuploadaction' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files ...

9.8CVSS9.8AI score0.50934EPSS
Exploits8References3
Vulnrichment
Vulnrichment
β€’added 2024/05/23 2:31 p.m.β€’21 views

CVE-2024-5084 Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution

The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fileuploadaction' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files ...

9.8CVSS7.9AI score0.50934EPSS
Exploits8References3
Rows per page
Query Builder