Lucene search
K
HashthemesHash Form

4 matches found

CVE
CVE
added 2024/05/23 2:31 p.m.197 views

CVE-2024-5084

The Hash Form – Drag & Drop Form Builder WordPress plugin is vulnerable to unauthenticated arbitrary file uploads due to missing file type validation in the file_upload_action function in all versions up to 1.1.0, enabling potential remote code execution. Updated remediation indicates the fix is ...

9.8CVSS9.8AI score0.50934EPSS
Web
CVE
CVE
added 2024/05/23 2:31 p.m.99 views

CVE-2024-5085

CVE-2024-5085 affects the Hash Form – Drag & Drop Form Builder for WordPress. The vulnerability is a PHP Object Injection via deserialization of untrusted input in the process_entry function across all versions up to and including 1.1.0. This enables unauthenticated attackers to inject a PHP obje...

9.8CVSS8.3AI score0.0078EPSS
CVE
CVE
added 2024/12/12 6:46 a.m.66 views

CVE-2024-12201

CVE-2024-12201 relates to the WordPress plugin Hash Form – Drag & Drop Form Builder . It is described as vulnerable in all versions up to 1.2.1 due to a missing capability check during creation of form styles, enabling authenticated attackers with Contributor-level access and above to create new ...

4.3CVSS4.3AI score0.00369EPSS
CVE
CVE
added 2024/10/05 9:39 a.m.51 views

CVE-2024-9417

CVE-2024-9417 affects the WordPress Hash Form – Drag & Drop Form Builder plugin. All versions up to 1.1.9 are vulnerable to unauthenticated, limited file uploads due to a misconfigured file type validation in handleUpload, allowing files outside both the allowedExtensions and unallowed_extensions...

6.1CVSS6.3AI score0.00347EPSS