CVE-2025-47468
- EPSS 0.08%
- Veröffentlicht 07.05.2025 14:19:42
- Zuletzt bearbeitet 08.05.2025 14:39:18
Cross-Site Request Forgery (CSRF) vulnerability in hashthemes Hash Form allows Cross Site Request Forgery. This issue affects Hash Form: from n/a through 1.2.8.
CVE-2024-12201
- EPSS 0.21%
- Veröffentlicht 12.12.2024 07:15:09
- Zuletzt bearbeitet 27.02.2025 02:45:31
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check when creating form styles in all versions up to, and including, 1.2.1. This makes it possible for authenticated attac...
CVE-2024-9417
- EPSS 0.4%
- Veröffentlicht 05.10.2024 10:15:02
- Zuletzt bearbeitet 27.02.2025 19:30:33
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to limited file uploads due to a misconfigured file type validation in the 'handleUpload' function in all versions up to, and including, 1.1.9. This makes it possible for una...
CVE-2024-5085
- EPSS 4.41%
- Veröffentlicht 23.05.2024 15:15:16
- Zuletzt bearbeitet 01.03.2025 02:33:14
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input in the 'process_entry' function. This makes it possible for unauthe...
CVE-2024-5084
- EPSS 92.8%
- Veröffentlicht 23.05.2024 15:15:15
- Zuletzt bearbeitet 27.02.2025 13:30:57
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for una...