CVE-2022-4774
CVE-2022-4774 affects the Bit Form WordPress plugin prior to version 1.9. The issue stems from the plugin not validating uploaded file types in its file upload field, allowing unauthenticated users to upload arbitrary files (e.g., PHP or HTML) to the server, which leads to Remote Code Execution. ...
CVE-2024-13451
The CVE-2024-13451 entry concerns the WordPress plugin Contact Form by Bit Form (Bit Form: Multi Step Form, Calculation, Payment, Custom Form builder). Affected versions include all up to 2.17.4, where there is Sensitive Information Exposure via file uploads caused by insufficient directory listi...