module
WordPress Hash Form Plugin RCE
| Disclosed | Created |
|---|---|
| 05/23/2024 | 06/05/2024 |
Disclosed
05/23/2024
Created
06/05/2024
Description
The Hash Form – Drag & Drop Form Builder plugin for WordPress suffers from a critical vulnerability
due to missing file type validation in the file_upload_action function. This vulnerability exists
in all versions up to and including 1.1.0. Unauthenticated attackers can exploit this flaw to upload arbitrary
files, including PHP scripts, to the server, potentially allowing for remote code execution on the affected
WordPress site. This module targets multiple platforms by adapting payload delivery and execution based on the
server environment.
due to missing file type validation in the file_upload_action function. This vulnerability exists
in all versions up to and including 1.1.0. Unauthenticated attackers can exploit this flaw to upload arbitrary
files, including PHP scripts, to the server, potentially allowing for remote code execution on the affected
WordPress site. This module targets multiple platforms by adapting payload delivery and execution based on the
server environment.
Authors
Francesco CarlucciValentin Lobstein
Platform
Linux,PHP,Unix,Windows
Architectures
php, cmd
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use exploit/multi/http/wp_hash_form_rce
msf /(e) > show actions
...actions...
msf /(e) > set ACTION < action-name >
msf /(e) > show options
...show and set options...
msf /(e) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.