The Hash Form Drag and Drop Form Builder plugin for WordPress suffers from a critical vulnerability due to missing file type validation in the file_upload_action function. This vulnerability exists in all versions up to and including 1.1.0. Unauthenticated attackers can exploit this flaw to upload arbitrary files, including PHP scripts, to the server, potentially allowing for remote code execution on the affected WordPress site. This Metasploit module targets multiple platforms by adapting payload delivery and execution based on the server environment.
64b2193d74612e99562b23a4a36b832a46e526be92d5e77374181caa141143e0
Easy!Appointments versions prior to 1.4.3 suffers from an unauthenticated PII disclosure vulnerability.
1da2f1556f091a16878c1f5ff43c96ee13603b821be2cf36f4eddc3bdda3b756