2 matches found
WordPress Hash Form Plugin <= 1.1.0 is vulnerable to PHP Object Injection
Software Hash Form Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-5085 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 96e7546828a2 Credits Francesco Carlucci Required privilege...
CVE-2024-5085 Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated PHP Object Injection
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input in the 'processentry' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No...