CVE-2024-9417

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Oct 5, 2024
Updated: Oct 7, 2024
CWE ID 434

Summary

CVE-2024-9417 is a vulnerability in the Hash Form – Drag & Drop Form Builder plugin for WordPress that affects all versions up to and including 1.1.9. The 'handleUpload' function does not validate file types properly, so unauthenticated attackers can upload potentially harmful files that are not restricted by the site's allowed or disallowed extension lists. This could lead to security risks such as cross-site scripting (XSS) attacks. Organizations using this plugin are advised to update it to a patched version or implement additional security measures to mitigate the risk of file upload attacks. The vulnerability is rated medium severity with a score of 6.1, indicating a moderate level of threat; exploitation primarily requires user interaction.
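The kind of check the summary describes as missing, shown as an added example (this is not the plugin's code or its patch): a server-side validator that enforces both an allowed and a disallowed extension list on the client-supplied file name. The function name and the sample lists are assumptions made for illustration.

```php
<?php
/**
 * Added example, not the plugin's code. Decide whether an uploaded file name
 * may be stored, given the site's allowed and disallowed extension lists.
 * Returns the safe lower-case extension, or null when the upload is rejected.
 */
function upload_extension_or_null(string $clientName, array $allowed, array $disallowed): ?string
{
    // Normalise both lists once so comparisons are case-insensitive.
    $allowed    = array_map('strtolower', $allowed);
    $disallowed = array_map('strtolower', $disallowed);

    // Reject control bytes (including NUL) instead of trying to clean them.
    if ($clientName === '' || preg_match('/[\x00-\x1f\x7f]/', $clientName)) {
        return null;
    }

    // Keep only the final path component; accept both separator styles.
    $name = basename(str_replace('\\', '/', $clientName));
    // Trailing dots or spaces can hide the real extension on some filesystems.
    $name = rtrim($name, '. ');

    $parts = explode('.', strtolower($name));
    if (count($parts) < 2 || $parts[0] === '') {
        return null; // no extension, or a dotfile such as ".htaccess"
    }
    array_shift($parts); // drop the base name, keep every extension segment

    // A disallowed segment anywhere ("report.php.png") rejects the file,
    // because some server configurations act on inner extensions.
    foreach ($parts as $segment) {
        if (in_array($segment, $disallowed, true)) {
            return null;
        }
    }

    // The final extension must also be explicitly allowed.
    $ext = end($parts);
    return in_array($ext, $allowed, true) ? $ext : null;
}

// Constructed sample lists and file names, for illustration only.
$allowed    = ['png', 'jpg', 'pdf'];
$disallowed = ['php', 'phtml', 'html', 'htm', 'svg', 'js'];
foreach (['photo.PNG', 'notes.html', 'report.php.png', 'drawing.svg', '.htaccess', 'cv.pdf. '] as $name) {
    $ext = upload_extension_or_null($name, $allowed, $disallowed);
    printf("%-16s %s\n", $name, $ext === null ? 'rejected' : "accepted as .$ext");
}
```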
