Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:19 a.m.6 views

CVE-2022-4774

The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution...

9.8CVSS7.4AI score0.01785EPSS
Exploits2References1
NVD
NVD
added 2023/05/15 1:15 p.m.28 views

CVE-2022-4774

The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution...

9.8CVSS9.8AI score0.01785EPSS
Exploits2References1
CVE
CVE
added 2023/05/15 12:15 p.m.73 views

CVE-2022-4774

CVE-2022-4774 affects the Bit Form WordPress plugin prior to version 1.9. The issue stems from the plugin not validating uploaded file types in its file upload field, allowing unauthenticated users to upload arbitrary files (e.g., PHP or HTML) to the server, which leads to Remote Code Execution. ...

9.8CVSS9.8AI score0.01785EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/05/15 12:15 p.m.25 views

CVE-2022-4774 Bit Form < 1.9 - RCE via Unauthenticated Arbitrary File Upload

The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution...

9.9AI score0.01785EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/05/15 12:15 p.m.11 views

CVE-2022-4774 Bit Form < 1.9 - RCE via Unauthenticated Arbitrary File Upload

The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution...

7.3AI score0.01785EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/05/15 12:0 a.m.20 views

WordPress Bit Form – Contact Form Plugin Plugin < 1.9 is vulnerable to Remote Code Execution (RCE)

Software Bit Form – Contact Form Plugin Type Plugin Vulnerable versions 1.9 Fixed in 1.9 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2022-4774 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 4efef0b2be54 Credits Felipe Restrepo Rodríguez...

9.8CVSS7.2AI score0.01785EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder