cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12201,https://securityvulnerability.io/vulnerability/CVE-2024-12201,Unauthorized Access to Form Styles in Hash Form Plugin,"The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check when creating form styles in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to create new form styles.",Wordpress,Hash Form – Drag & Drop Form Builder,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-12-12T06:46:34.430Z,0
CVE-2024-9417,https://securityvulnerability.io/vulnerability/CVE-2024-9417,File Upload Vulnerability in Hash Form's Drag & Drop Form Builder,"The Hash Form – Drag & Drop Form Builder plugin for WordPress is affected by a vulnerability that allows unauthenticated attackers to perform limited file uploads. This issue arises from a flaw in the file type validation within the 'handleUpload' function. Versions of the plugin up to and including 1.1.9 are impacted, permitting malicious file types to bypass both 'allowedExtensions' and 'unallowed_extensions' arrays. As a result, attackers may upload files that could contain harmful content, including cross-site scripting payloads, posing significant security risks to the affected WordPress sites.",Wordpress,Hash Form – Drag & Drop Form Builder,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-10-05T09:39:22.793Z,0