EUVD-2024-50674

Malicious code in bioql PyPI...

CVE-2024-12201

The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check when creating form styles in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Contributor-level access and above, ...

CVE-2024-12201

CVE-2024-12201 relates to the WordPress plugin Hash Form – Drag & Drop Form Builder . It is described as vulnerable in all versions up to 1.2.1 due to a missing capability check during creation of form styles, enabling authenticated attackers with Contributor-level access and above to create new ...

CVE-2024-12201 Hash Form <= 1.2.1 - Missing Authorization to Authenticated (Contributor+) Form Style Creation

The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check when creating form styles in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Contributor-level access and above, ...

WordPress plugin Hash Form 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Hash Form Plugin <= 1.1.9 is vulnerable to Arbitrary File Upload

Software Hash Form Type Plugin Vulnerable versions = 1.1.9 Fixed in 1.2.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-9417 Patch priority High CVSS severity High 6.1 Developer Claim ownership PSID 599a3ecad6e0 Credits Rein Daelman trein Required privilege...

CVE-2024-9417

CVE-2024-9417 affects the WordPress Hash Form – Drag & Drop Form Builder plugin. All versions up to 1.1.9 are vulnerable to unauthenticated, limited file uploads due to a misconfigured file type validation in handleUpload, allowing files outside both the allowedExtensions and unallowed_extensions...

WordPress Hash Form Plugin <= 1.1.0 is vulnerable to Remote Code Execution (RCE)

Software Hash Form Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2024-5084 Patch priority High CVSS severity High 10 Developer Claim ownership PSID da300dc670df Credits Francesco Carlucci Required privilege...

CVE-2024-5084

The Hash Form – Drag & Drop Form Builder WordPress plugin is vulnerable to unauthenticated arbitrary file uploads due to missing file type validation in the file_upload_action function in all versions up to 1.1.0, enabling potential remote code execution. Updated remediation indicates the fix is ...

CVE-2024-5085

CVE-2024-5085 affects the Hash Form – Drag & Drop Form Builder for WordPress. The vulnerability is a PHP Object Injection via deserialization of untrusted input in the process_entry function across all versions up to and including 1.1.0. This enables unauthenticated attackers to inject a PHP obje...

PT-2024-34445 · WordPress · The Hash Form – Drag & Drop Form Builder

Name of the Vulnerable Software and Affected Versions: The Hash Form – Drag & Drop Form Builder plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to PHP Object Injection via deserialization of untrusted input in the process entry function. This allows...

WordPress plugin Hash Form Drag Drop Form Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...