227 matches found
CVE-2024-13450
CVE-2024-13450 refers to the WordPress plugin “Contact Form by Bit Form” (versions ≤ 2.17.4). The issue is an authenticated SSRF via the Webhooks integration, allowing an attacker with Administrator-level access (and in multisite) to trigger web requests from the application to arbitrary internal...
CVE-2024-12190
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bitform-form-entry-edit endpoint in all versions up to, and...
CVE-2024-12190 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.17.3 - Missing Authorization to Authenticated (Subscriber+) Form Submission Disclosure
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bitform-form-entry-edit endpoint in all versions up to, and...
CVE-2024-12190 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.17.3 - Missing Authorization to Authenticated (Subscriber+) Form Submission Disclosure
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bitform-form-entry-edit endpoint in all versions up to, and...
PT-2024-17481 · Bit Form · The Contact Form By Bit Form
Name of the Vulnerable Software and Affected Versions: The Contact Form by Bit Form versions up to, and including, 2.17.3 Description: The issue is related to unauthorized access of data due to a missing capability check on the "bitform-form-entry-edit" endpoint. This allows authenticated attacke...
WordPress plugin Bit Form 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Bit Form – Contact Form plugin <= 2.17.3 - Missing Authorization to Authenticated (Subscriber+) Form Submission Disclosure vulnerability
Missing Authorization to Authenticated Subscriber+ Form Submission Disclosure vulnerability discovered by Akbar Kustirama in WordPress Plugin Bit Form versions = 2.17.3...
CVE-2024-9507 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.15.2 - Authenticated (Administrator+) Improper Input Validation via iconUpload Function to Arbitrary File Read
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.15.2 due to improper input validation within the iconUpload function. This...
CVE-2024-9507
CVE-2024-9507 concerns the WordPress plugin Bit Form (Contact Form by Bit Form) up to version 2.15.2. The issue arises from improper input validation in the iconUpload function, enabling authenticated attackers with Administrator-level access and above to perform a PHP filter chain attack and rea...
CVE-2024-9507 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.15.2 - Authenticated (Administrator+) Improper Input Validation via iconUpload Function to Arbitrary File Read
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.15.2 due to improper input validation within the iconUpload function. This...
WordPress plugin Bit Form 输入验证错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation error...
WordPress Bit Form plugin <= 2.15.2 - Authenticated (Administrator+) Improper Input Validation to Arbitrary File Read vulnerability
Authenticated Administrator+ Improper Input Validation to Arbitrary File Read vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin Bit Form versions = 2.15.2...
WordPress Bit Form – Contact Form Plugin Plugin <= 2.15.2 is vulnerable to Arbitrary File Download
Software Bit Form – Contact Form Plugin Type Plugin Vulnerable versions = 2.15.2 Fixed in 2.15.3 OWASP Top 10 A3: Injection Classification Arbitrary File Download CVE CVE-2024-9507 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 2674338e71f9 Credits TANG Cheuk Hei siunam...
CVE-2024-47335
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Bit Apps Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through = 2.13.11...
CVE-2024-47335 WordPress Bit Form plugin <= 2.13.11 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Bit Apps Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through = 2.13.11...
CVE-2024-47335
CVE-2024-47335 is a SQL Injection vulnerability in the WordPress plugin Bit Form – Contact Form Plugin (versions
CVE-2024-47335 WordPress Bit Form plugin <= 2.13.11 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Bit Apps Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through = 2.13.11...
WordPress plugin Bit Form SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
CVE-2024-47301
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bit Apps Bit Form bit-form allows Stored XSS.This issue affects Bit Form: from n/a through = 2.13.10...
CVE-2024-47301
CVE-2024-47301 : WordPress Bit Form – Contact Form Plugin