CVE-2024-5084

Published: 23/05/2024 Updated: 24/05/2024

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated malicious users to upload arbitrary files on the affected site's server which may make remote code execution possible.

Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution

🚀 HashForm Exploit Script This script demonstrates the exploitation of CVE-2024-5084, a vulnerability in the Hash Form plugin for WordPress, which allows unauthenticated arbitrary file upload leading to remote code execution 📖 Vulnerability Details Name: CVE-2024-5084 Description: Unauthenticated Arbitrary File Upload to Remote Code Execution Affected Plugin: Hash Form

Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution

Hash Form – Drag & Drop Form Builder <= 110 - Unauthenticated Arbitrary File Upload to Remote Code Execution CVE-2024-5084 The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and includin

https://www.wordfence.com/threat-intel/vulnerabilities/id/eef9e2fa-d8f0-42bf-95ac-ee4cafff0b14?source=cve https://plugins.trac.wordpress.org/browser/hash-form/trunk/admin/classes/HashFormBuilder.php#L764 https://plugins.trac.wordpress.org/changeset/3090341/https://nvd.nist.gov https://github.com/Chocapikk/CVE-2024-5084

CVE-2024-5084

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect