CVE-2022-4774
CVE-2022-4774 affects the Bit Form WordPress plugin prior to version 1.9. The issue stems from the plugin not validating uploaded file types in its file upload field, allowing unauthenticated users to upload arbitrary files (e.g., PHP or HTML) to the server, which leads to Remote Code Execution. ...
CVE-2024-43251
CVE-2024-43251: Bit Form Pro for WordPress (Bit Form Pro
CVE-2024-43250
CVE-2024-43250 concerns Bit Form Pro (WordPress plugin). Connected sources confirm an Incorrect Authorization vulnerability in Bit Form Pro, affecting versions up to 2.6.4, where a missing authorization check lets Subscriber+ accounts update settings. Root cause: ACL-related permission checks not pr...
CVE-2024-43248
CVE-2024-43248 affects Bit Form Pro (WordPress) up to version 2.6.4, enabling arbitrary file deletion via an unauthenticated path traversal vulnerability. The vulnerability is currently listed as Unpatched; no official fix/version is provided in the connected documents. Monitor fo...
CVE-2024-43249
CVE-2024-43249 involves the Bit Form Pro plugin, with an Unrestricted Upload of File with Dangerous Type weakness that enables Command Injection. The Red Hat entry confirms the issue as affecting Bit Form Pro
CVE-2024-13451
The CVE-2024-13451 entry concerns the WordPress plugin Contact Form by Bit Form (Bit Form: Multi Step Form, Calculation, Payment, Custom Form builder). Affected versions include all up to 2.17.4, where there is Sensitive Information Exposure via file uploads caused by insufficient directory listi...