Hash Form – Drag & Drop Form Builder
Approved changes feed: RSS · Atom
cpe:2.3:a:hashthemes:hash_form_–_drag_&_drop_form_builder:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Hashthemes (ad6990d3-d10b-5b93-9344-2b8eced11175) |
|---|---|
| Product | Hash Form – Drag & Drop Form Builder (c4690273-e44a-5e1e-bd95-143f59b1f4ca) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-9417 |
vulnerable | 2026-06-03 14:58:21.211364 |
Hash Form - Drag & Drop Form Builder <= 1.1.9 - Unauthenticated Limited File Upload
MEDIUM (6.1)
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to limited file uploads due to a misconfigured file type validation in the 'handleUpload' function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to upload files that are excluded from both the 'allowedExtensions' and 'unallowed_extensions' arrays on the affected site's server, including files that may contain cross-site scripting.
Published: 2024-10-05T09:39:22.793Z
Updated: 2026-04-08T17:23:23.027Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-5085 |
vulnerable | 2026-06-03 14:57:51.743961 |
Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated PHP Object Injection
HIGH (8.1)
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input in the 'process_entry' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Published: 2024-05-23T14:31:38.023Z
Updated: 2026-04-08T16:32:31.417Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-5084 |
vulnerable | 2026-06-03 14:57:51.742779 |
Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution
CRITICAL (9.8)
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Published: 2024-05-23T14:31:38.633Z
Updated: 2026-04-08T17:31:52.074Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-12201 |
vulnerable | 2026-06-03 14:54:15.821098 |
Hash Form <= 1.2.1 - Missing Authorization to Authenticated (Contributor+) Form Style Creation
MEDIUM (4.3)
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check when creating form styles in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to create new form styles.
Published: 2024-12-12T06:46:34.430Z
Updated: 2026-04-08T17:18:30.478Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.