
Hashthemes Hash Form vulnerabilities

5 known vulnerabilities affecting hashthemes/hash_form.

Total CVEs: 5
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, MEDIUM 3

Vulnerabilities

CVE-2024-5084 | P1 | CRITICAL | CVSS 9.8 | PoC | fixed in 1.1.1 | 2024-05-23
CWE-434: The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote
Source: nvd
CVE-2024-5085 | P3 | CRITICAL | CVSS 9.8 | fixed in 1.1.1 | 2024-05-23
CWE-502: The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input in the 'process_entry' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. I
Source: nvd
CVE-2024-9417 | P4 | MEDIUM | CVSS 6.1 | fixed in 1.2.0 | 2024-10-05
CWE-434: The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to limited file uploads due to a misconfigured file type validation in the 'handleUpload' function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to upload files that are excluded from both the 'allowedExtensions' and 'unallowe
Source: nvd
CVE-2024-12201 | P4 | MEDIUM | CVSS 4.3 | fixed in 1.2.2 | 2024-12-12
CWE-862: The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check when creating form styles in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to create new form styles.
Source: nvd
CVE-2025-47468 | P4 | MEDIUM | CVSS 4.3 | ≤ 1.2.8 | 2025-05-07
CWE-352: Cross-Site Request Forgery (CSRF) vulnerability in hashthemes Hash Form hash-form allows Cross Site Request Forgery. This issue affects Hash Form: from n/a through <= 1.2.8.
Source: nvd