CVE-2024-6123

CVE-2024-6123 (Bit Form, WordPress): The Bit Form plugin (WordPress) versions up to and including 2.13.3 are vulnerable to arbitrary file uploads due to missing file type validation in the iconUpload function. This allows an attacker with administrator-level or higher privileges to upload arbitra...

WordPress Bit Form plugin <= 2.12.3 - Authenticated (Administrator+) Arbitrary File Upload vulnerability

Authenticated Administrator+ Arbitrary File Upload vulnerability discovered by István Márton in WordPress Plugin Bit Form versions = 2.12.3...

PT-2024-37399 · WordPress · Bit Form

Name of the Vulnerable Software and Affected Versions: Bit Form plugin for WordPress versions up to, and including, 2.13.3 Description: The issue is related to missing file type validation in the iconUpload function, allowing authenticated attackers with administrator-level and above permissions ...

WordPress plugin Bit Form security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2024-1640

The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient user validation on the bitformsupdateformentry AJAX action in all versions up to, and...

Input validation

The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient user validation on the bitformsupdateformentry AJAX action in all versions up to, and...

Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form < 2.10.2 - Unauthenticated Insecure Direct Object Reference to Form Submission Alteration

Description The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient user validation on the bitformsupdateformentry AJAX action in all versions up to...

PT-2024-18188 · Bit Form · Contact Form Builder Plugin

Name of the Vulnerable Software and Affected Versions: The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress versions up to, and including, 2.10.1 Description: The issue is related to insufficient user validation on the...

CVE-2023-3645

The Contact Form Builder by Bit Form WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

CVE-2022-4774

The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution...

CVE-2022-4774 Bit Form < 1.9 - RCE via Unauthenticated Arbitrary File Upload

The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution...