CVE-2024-13450

CVE-2024-13450 refers to the WordPress plugin “Contact Form by Bit Form” (versions ≤ 2.17.4). The issue is an authenticated SSRF via the Webhooks integration, allowing an attacker with Administrator-level access (and in multisite) to trigger web requests from the application to arbitrary internal...

CVE-2024-12190 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.17.3 - Missing Authorization to Authenticated (Subscriber+) Form Submission Disclosure

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bitform-form-entry-edit endpoint in all versions up to, and...

CVE-2024-12190 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.17.3 - Missing Authorization to Authenticated (Subscriber+) Form Submission Disclosure

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bitform-form-entry-edit endpoint in all versions up to, and...

WordPress plugin Bit Form 输入验证错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation error...

WordPress Bit Form plugin <= 2.15.2 - Authenticated (Administrator+) Improper Input Validation to Arbitrary File Read vulnerability

Authenticated Administrator+ Improper Input Validation to Arbitrary File Read vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin Bit Form versions = 2.15.2...

CVE-2024-47335

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Bit Apps Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through = 2.13.11...

CVE-2024-47335

CVE-2024-47335 is a SQL Injection vulnerability in the WordPress plugin Bit Form – Contact Form Plugin (versions

CVE-2024-47335 WordPress Bit Form plugin <= 2.13.11 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Bit Apps Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through = 2.13.11...

CVE-2024-47335 WordPress Bit Form plugin <= 2.13.11 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Bit Apps Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through = 2.13.11...

WordPress plugin Bit Form SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVE-2024-47301 WordPress Bit Form plugin <= 2.13.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bit Apps Bit Form bit-form allows Stored XSS.This issue affects Bit Form: from n/a through = 2.13.10...

CVE-2024-47301 WordPress Bit Form plugin <= 2.13.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Bit Form Bit Form – Contact Form Plugin allows Stored XSS.This issue affects Bit Form – Contact Form Plugin: from n/a through 2.13.10...

PT-2024-32512 · Unknown · Bit Form – Contact Form Plugin

Name of the Vulnerable Software and Affected Versions: Bit Form – Contact Form Plugin versions n/a through 2.13.10 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS in the Bit Form –...

CVE-2024-47319

Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form bit-form.This issue affects Bit Form: from n/a through = 2.13.10...

CVE-2024-47319 WordPress Bit Form plugin <= 2.13.10 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form – Contact Form Plugin allows Code Injection.This issue affects Bit Form – Contact Form Plugin: from n/a through 2.13.10...

PT-2024-32531 · Unknown · Bit Form – Contact Form Plugin

Name of the Vulnerable Software and Affected Versions: Bit Form – Contact Form Plugin versions n/a through 2.13.10 Description: The issue allows for the unrestricted upload of files with dangerous types, which can lead to code injection. This can potentially be exploited by attackers to inject...

CVE-2024-7782

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove function in versions 2.0 to 2.13.4. This makes it...

CVE-2024-7780

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the id parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter and la...

CVE-2024-7775

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. This makes i...

CVE-2024-7702

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the entryID parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter a...