8 matches found
CVE-2024-7777
CVE-2024-7777 affects WordPress Bit Form plugin (2.0–2.13.9). Insufficient file-path validation in multiple functions allows authenticated Administrators+ to read and delete arbitrary server files (e.g., wp-config.php), potentially enabling remote code execution. Patch available in version 2.13.1...
CVE-2024-13450
CVE-2024-13450 refers to the WordPress plugin “Contact Form by Bit Form” (versions ≤ 2.17.4). The issue is an authenticated SSRF via the Webhooks integration, allowing an attacker with Administrator-level access (and in multisite) to trigger web requests from the application to arbitrary internal...
CVE-2024-7775
The CVE-2024-7775 entry concerns the WordPress plugin Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder. Affected versions are 2.0–2.13.9, where missing input validation in addCustomCode allows authenticated users with Administ...
CVE-2024-7702
CVE-2024-7702 pertains to the WordPress plugin Contact Form by Bit Form (versions 2.0–2.13.9). The vulnerability arises from insufficient escaping and lack of prepared SQL statements for the entryID parameter, enabling a generic SQL Injection. According to the sources, authenticated attackers wit...
CVE-2023-3645
CVE-2023-3645 affects the WordPress plugin Contact Form Builder by Bit Form (pre-2.2.0). Vulnerability: Stored XSS due to insufficient sanitization/escaping of settings, enabling admin+ attackers to inject scripts even when unfiltered_html is disallowed (e.g., multisite). Affected product/version...
CVE-2024-7780
CVE-2024-7780 describes an authenticated SQL Injection in WordPress plugin Contact Form by Bit Form (versions 2.0–2.13.9) due to improper escaping and insufficient query preparation on the id parameter. Exploitation requires Administrator+ privileges; attackers could append queries to extract dat...
CVE-2024-7782
CVE-2024-7782 affects the WordPress plugin Contact Form by Bit Form (versions 2.0–2.13.4). The issue is due to insufficient file path validation in the iconRemove function, enabling authenticated attackers with Administrator+ privileges to delete arbitrary files on the server, with potential remo...
CVE-2024-1640
CVE-2024-1640 pertains to the WordPress plugin “Contact Form Builder by Bit Form” (Bit Form). The issue is insufficient user validation in the bitforms_update_form_entry AJAX action across all versions up to 2.10.1, enabling unauthenticated attackers to modify form submissions. The Red Hat adviso...