PT-2024-38571 · Bit Form · The Contact Form By Bit Form

Name of the Vulnerable Software and Affected Versions: The Contact Form by Bit Form versions 2.0 through 2.13.9 Description: The issue is related to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function. This allows authenticated attackers with...

PT-2024-38576 · Bit Form · The Contact Form By Bit Form

Name of the Vulnerable Software and Affected Versions: The Contact Form by Bit Form versions 2.0 through 2.13.4 Description: The issue is related to insufficient file path validation in the iconRemove function, which allows authenticated attackers with Administrator-level access and above to dele...

PT-2024-38522 · Bit Form · The Contact Form By Bit Form

Name of the Vulnerable Software and Affected Versions: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress versions 2.0 through 2.13.9 Description: The issue is related to generic SQL Injection via the entryI...

WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Sensitive Data Exposure vulnerability

Authenticated Sensitive Data Exposure vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Bit Form Pro versions = 2.6.4...

WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Plugin Settings Change vulnerability

Authenticated Plugin Settings Change vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Bit Form Pro versions = 2.6.4...

WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Arbitrary File Upload vulnerability

Authenticated Arbitrary File Upload vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Bit Form Pro versions = 2.6.4...

WordPress Bit Form Pro plugin <= 2.6.4 - Unauthenticated Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Bit Form Pro versions = 2.6.4...

WordPress Bit Form Pro Plugin <= 2.6.4 is vulnerable to Sensitive Data Exposure

Software Bit Form Pro Type Plugin Vulnerable versions = 2.6.4 Fixed in 2.8.0 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-43251 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6d6af3324445 Credits Dave Jong Patchstack...

WordPress Bit Form Pro Plugin <= 2.6.4 is vulnerable to Settings Change

Software Bit Form Pro Type Plugin Vulnerable versions = 2.6.4 Fixed in 2.8.0 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-43250 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 786f4284258a Credits Dave Jong Patchstack Required...

WordPress Bit Form Pro Plugin <= 2.6.4 is vulnerable to Arbitrary File Upload

Software Bit Form Pro Type Plugin Vulnerable versions = 2.6.4 Fixed in 2.8.0 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Upload CVE CVE-2024-43249 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 064fd9534e30 Credits Dave Jong Patchstack Required...

WordPress Bit Form Pro Plugin <= 2.6.4 is vulnerable to Arbitrary File Deletion

Software Bit Form Pro Type Plugin Vulnerable versions = 2.6.4 Fixed in 2.8.0 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-43248 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID fe35e84633f6 Credits Dave Jong Patchstack Require...

CVE-2024-6123

The Bit Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'iconUpload' function in all versions up to, and including, 2.13.3. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload...

CVE-2024-6123 Bit Form <= 2.13.3 - Authenticated (Administrator+) Arbitrary File Upload

The Bit Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'iconUpload' function in all versions up to, and including, 2.13.3. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload...

CVE-2024-6123

CVE-2024-6123 (Bit Form, WordPress): The Bit Form plugin (WordPress) versions up to and including 2.13.3 are vulnerable to arbitrary file uploads due to missing file type validation in the iconUpload function. This allows an attacker with administrator-level or higher privileges to upload arbitra...

WordPress Bit Form plugin <= 2.12.3 - Authenticated (Administrator+) Arbitrary File Upload vulnerability

Authenticated Administrator+ Arbitrary File Upload vulnerability discovered by István Márton in WordPress Plugin Bit Form versions = 2.12.3...

WordPress Bit Form – Contact Form Plugin Plugin <= 2.12.3 is vulnerable to Arbitrary File Upload

Software Bit Form – Contact Form Plugin Type Plugin Vulnerable versions = 2.12.3 Fixed in 2.13.4 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6123 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID 569eb657724e Credits István Márton Required...

PT-2024-37399 · WordPress · Bit Form

Name of the Vulnerable Software and Affected Versions: Bit Form plugin for WordPress versions up to, and including, 2.13.3 Description: The issue is related to missing file type validation in the iconUpload function, allowing authenticated attackers with administrator-level and above permissions ...

WordPress plugin Bit Form security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2024-1640

The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient user validation on the bitformsupdateformentry AJAX action in all versions up to, and...

Input validation

The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient user validation on the bitformsupdateformentry AJAX action in all versions up to, and...