12 matches found
EUVD-2024-50674
Malicious code in bioql PyPI...
CVE-2024-12201
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check when creating form styles in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Contributor-level access and above, ...
CVE-2024-12201
CVE-2024-12201 relates to the WordPress plugin Hash Form – Drag & Drop Form Builder. It is described as vulnerable in all versions up to 1.2.1 due to a missing capability check during creation of form styles, enabling authenticated attackers with Contributor-level access and above to create new ...
CVE-2024-12201 Hash Form <= 1.2.1 - Missing Authorization to Authenticated (Contributor+) Form Style Creation
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check when creating form styles in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Contributor-level access and above, ...
WordPress plugin Hash Form security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Hash Form Plugin <= 1.1.9 is vulnerable to Arbitrary File Upload
Software: Hash Form; Type: Plugin; Vulnerable versions: <= 1.1.9; Fixed in: 1.2.0; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-9417; Patch priority: High; CVSS severity: High 6.1; PSID: 599a3ecad6e0; Credits: Rein Daelman trein; Required privilege...
CVE-2024-9417
CVE-2024-9417 affects the WordPress Hash Form – Drag & Drop Form Builder plugin. All versions up to 1.1.9 are vulnerable to unauthenticated, limited file uploads due to a misconfigured file type validation in handleUpload, allowing files outside both the allowedExtensions and unallowed_extensions...
WordPress Hash Form Plugin <= 1.1.0 is vulnerable to Remote Code Execution (RCE)
Software: Hash Form; Type: Plugin; Vulnerable versions: <= 1.1.0; Fixed in: 1.1.1; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2024-5084; Patch priority: High; CVSS severity: High 10; PSID: da300dc670df; Credits: Francesco Carlucci; Required privilege...
CVE-2024-5084
The Hash Form – Drag & Drop Form Builder WordPress plugin is vulnerable to unauthenticated arbitrary file uploads due to missing file type validation in the file_upload_action function in all versions up to 1.1.0, enabling potential remote code execution. Updated remediation indicates the fix is ...
CVE-2024-5085
CVE-2024-5085 affects the Hash Form – Drag & Drop Form Builder for WordPress. The vulnerability is a PHP Object Injection via deserialization of untrusted input in the process_entry function across all versions up to and including 1.1.0. This enables unauthenticated attackers to inject a PHP obje...
WordPress plugin Hash Form Drag Drop Form Builder security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
PT-2024-34445 · WordPress · The Hash Form – Drag & Drop Form Builder
Name of the Vulnerable Software and Affected Versions: The Hash Form – Drag & Drop Form Builder plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to PHP Object Injection via deserialization of untrusted input in the process entry function. This allows...