5 matches found
CVE-2024-9507
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.15.2 due to improper input validation within the iconUpload function. This...
CVE-2024-9507
creationtimestamp | type | source
---|---|---
2024-10-11 16:10:39+00:00 | seen | https://t.me/cvedetector/7664...
CVE-2024-9507 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.15.2 - Authenticated (Administrator+) Improper Input Validation via iconUpload Function to Arbitrary File Read
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.15.2 due to improper input validation within the iconUpload function. This...
CVE-2024-9507
CVE-2024-9507 concerns the WordPress plugin Bit Form (Contact Form by Bit Form) up to version 2.15.2. The issue arises from improper input validation in the iconUpload function, enabling authenticated attackers with Administrator-level access and above to perform a PHP filter chain attack and rea...
WordPress Bit Form – Contact Form Plugin Plugin <= 2.15.2 is vulnerable to Arbitrary File Download
Software: Bit Form – Contact Form Plugin
Type: Plugin
Vulnerable versions: <= 2.15.2
Fixed in: 2.15.3
OWASP Top 10: A3: Injection
Classification: Arbitrary File Download
CVE: CVE-2024-9507
Patch priority: Low
CVSS severity: Low 4.9
PSID: 2674338e71f9
Credits: TANG Cheuk Hei siunam...