227 matches found
CVE-2024-7775 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) Arbitrary JavaScript File Uploads
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. This makes i...
CVE-2024-7777 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) Arbitrary File Read And Deletion
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in multiple functions in versions 2.0 to 2.13.9. This makes i...
CVE-2024-7775 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) Arbitrary JavaScript File Uploads
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. This makes i...
CVE-2024-7775
The CVE-2024-7775 entry concerns the WordPress plugin Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder. Affected versions are 2.0–2.13.9, where missing input validation in addCustomCode allows authenticated users with Administ...
CVE-2024-7702 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) SQL Injection via getLogHistory Function
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the entryID parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter a...
CVE-2024-7702 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) SQL Injection via getLogHistory Function
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the entryID parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter a...
CVE-2024-7702
CVE-2024-7702 pertains to the WordPress plugin Contact Form by Bit Form (versions 2.0–2.13.9). The vulnerability arises from insufficient escaping and lack of prepared SQL statements for the entryID parameter, enabling a generic SQL Injection. According to the sources, authenticated attackers wit...
WordPress Bit Form – Contact Form Plugin Plugin 2.0 - 2.13.9 is vulnerable to Arbitrary File Download
Software Bit Form – Contact Form Plugin Type Plugin Vulnerable versions 2.0 - 2.13.9 Fixed in 2.13.10 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-7777 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID fefb4e6e44bf Credits siunam...
WordPress Bit Form – Contact Form Plugin Plugin 2.0 - 2.13.9 is vulnerable to Cross Site Scripting (XSS)
Software Bit Form – Contact Form Plugin Type Plugin Vulnerable versions 2.0 - 2.13.9 Fixed in 2.13.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-7775 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a79665250a6a Credits siunam Required...
WordPress Bit Form – Contact Form Plugin Plugin 2.0 - 2.13.9 is vulnerable to SQL Injection
Software Bit Form – Contact Form Plugin Type Plugin Vulnerable versions 2.0 - 2.13.9 Fixed in 2.13.10 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-7702 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 93a8a2a37fc7 Credits siunam Required privilege...
WordPress Bit Form – Contact Form Plugin Plugin 2.0 - 2.13.4 is vulnerable to Arbitrary File Deletion
Software Bit Form – Contact Form Plugin Type Plugin Vulnerable versions 2.0 - 2.13.4 Fixed in 2.13.5 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-7782 Patch priority Low CVSS severity Low 6.8 Developer Claim ownership PSID 53f3b9076db6 Credits siunam...
WordPress plugin Contact Form by Bit Form 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in t...
WordPress plugin Contact Form by Bit Form 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in t...
WordPress plugin Contact Form by Bit Form 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in t...
WordPress plugin Contact Form by Bit Form 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in t...
WordPress plugin Contact Form by Bit Form 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in t...
CVE-2024-43250
Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitformpro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bit Form Pro: from n/a through 2.6.4...
CVE-2024-43248
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Bit Apps Bit Form Pro allows File Manipulation.This issue affects Bit Form Pro: from n/a through 2.6.4...
CVE-2024-43248
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Bit Apps Bit Form Pro allows File Manipulation.This issue affects Bit Form Pro: from n/a through 2.6.4...
CVE-2024-43249
Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form Pro allows Command Injection.This issue affects Bit Form Pro: from n/a through 2.6.4...