module

WordPress Hash Form Plugin RCE

Disclosed
05/23/2024
Created
06/05/2024

Description

The Hash Form – Drag & Drop Form Builder plugin for WordPress suffers from a critical vulnerability
due to missing file type validation in the file_upload_action function. This vulnerability exists
in all versions up to and including 1.1.0. Unauthenticated attackers can exploit this flaw to upload arbitrary
files, including PHP scripts, to the server, potentially allowing for remote code execution on the affected
WordPress site. This module targets multiple platforms by adapting payload delivery and execution based on the
server environment.

Authors

Francesco CarlucciValentin Lobstein

Platform

Linux,PHP,Unix,Windows

Architectures

php, cmd

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


    msf > use exploit/multi/http/wp_hash_form_rce
    msf /(e) > show actions
        ...actions...
    msf /(e) > set ACTION < action-name >
    msf /(e) > show options
        ...show and set options...
    msf /(e) > run
  
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.