3 matches found
CVE-2025-6679
The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.20.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote co...
CVE-2025-6679 Contact Form by Bit Form - Bit Form <= 2.20.3 - Unauthenticated Arbitrary File Upload
The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.20.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote co...
CVE-2025-6679
CVE-2025-6679 concerns the WordPress Bit Form builder plugin. Affected: Bit Form builder for WordPress, versions up to and including 2.20.4. Issue: missing file type validation enables unauthenticated arbitrary file uploads via an advanced file upload element, potentially enabling remote code exe...