CVE-2024-9417

EUVD-2024-49927

05.10.2024, 10:15

The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to limited file uploads due to a misconfigured file type validation in the 'handleUpload' function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to upload files that are excluded from both the 'allowedExtensions' and 'unallowed_extensions' arrays on the affected site's server, including files that may contain cross-site scripting.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.1 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Wordfence	CNA	6.1 MEDIUM				CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 60%

Affected Products (NVD)

Vendor	Product	Version
hashthemes	hash_form	𝑥 < 1.2.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-434 - Unrestricted Upload of File with Dangerous Type
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

References

https://plugins.trac.wordpress.org/browser/hash-form/trunk/admin/classes/HashFormUploader.php#L107

https://plugins.trac.wordpress.org/browser/hash-form/trunk/admin/classes/HashFormUploader.php#L135

https://plugins.trac.wordpress.org/changeset/3161828/

https://www.wordfence.com/threat-intel/vulnerabilities/id/cad7731a-1f81-4055-9b49-15b35edd3fcf?source=cve