4 matches found
CVE-2024-5084
The Hash Form – Drag & Drop Form Builder WordPress plugin is vulnerable to unauthenticated arbitrary file uploads due to missing file type validation in the file_upload_action function in all versions up to 1.1.0, enabling potential remote code execution. Updated remediation indicates the fix is ...
CVE-2024-5085
CVE-2024-5085 affects the Hash Form – Drag & Drop Form Builder for WordPress. The vulnerability is a PHP Object Injection via deserialization of untrusted input in the process_entry function across all versions up to and including 1.1.0. This enables unauthenticated attackers to inject a PHP obje...
CVE-2024-12201
CVE-2024-12201 relates to the WordPress plugin Hash Form – Drag & Drop Form Builder . It is described as vulnerable in all versions up to 1.2.1 due to a missing capability check during creation of form styles, enabling authenticated attackers with Contributor-level access and above to create new ...
CVE-2024-9417
CVE-2024-9417 affects the WordPress Hash Form – Drag & Drop Form Builder plugin. All versions up to 1.1.9 are vulnerable to unauthenticated, limited file uploads due to a misconfigured file type validation in handleUpload, allowing files outside both the allowedExtensions and unallowed_extensions...