Lucene search
K
BitappsContact Form Builder

8 matches found

CVE
CVE
added 2024/08/20 3:21 a.m.60 views

CVE-2024-7777

CVE-2024-7777 affects WordPress Bit Form plugin (2.0–2.13.9). Insufficient file-path validation in multiple functions allows authenticated Administrators+ to read and delete arbitrary server files (e.g., wp-config.php), potentially enabling remote code execution. Patch available in version 2.13.1...

9CVSS9.2AI score0.01025EPSS
CVE
CVE
added 2025/01/25 8:23 a.m.56 views

CVE-2024-13450

CVE-2024-13450 refers to the WordPress plugin “Contact Form by Bit Form” (versions ≤ 2.17.4). The issue is an authenticated SSRF via the Webhooks integration, allowing an attacker with Administrator-level access (and in multisite) to trigger web requests from the application to arbitrary internal...

6.5CVSS4.1AI score0.00389EPSS
CVE
CVE
added 2024/08/20 3:21 a.m.55 views

CVE-2024-7775

The CVE-2024-7775 entry concerns the WordPress plugin Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder. Affected versions are 2.0–2.13.9, where missing input validation in addCustomCode allows authenticated users with Administ...

5.5CVSS5.5AI score0.00243EPSS
CVE
CVE
added 2024/08/20 3:21 a.m.54 views

CVE-2024-7702

CVE-2024-7702 pertains to the WordPress plugin Contact Form by Bit Form (versions 2.0–2.13.9). The vulnerability arises from insufficient escaping and lack of prepared SQL statements for the entryID parameter, enabling a generic SQL Injection. According to the sources, authenticated attackers wit...

7.2CVSS7AI score0.00452EPSS
CVE
CVE
added 2023/08/14 7:10 p.m.50 views

CVE-2023-3645

CVE-2023-3645 affects the WordPress plugin Contact Form Builder by Bit Form (pre-2.2.0). Vulnerability: Stored XSS due to insufficient sanitization/escaping of settings, enabling admin+ attackers to inject scripts even when unfiltered_html is disallowed (e.g., multisite). Affected product/version...

4.8CVSS4.9AI score0.00379EPSS
CVE
CVE
added 2024/08/20 3:21 a.m.50 views

CVE-2024-7780

CVE-2024-7780 describes an authenticated SQL Injection in WordPress plugin Contact Form by Bit Form (versions 2.0–2.13.9) due to improper escaping and insufficient query preparation on the id parameter. Exploitation requires Administrator+ privileges; attackers could append queries to extract dat...

7.2CVSS7AI score0.00506EPSS
CVE
CVE
added 2024/08/20 3:21 a.m.49 views

CVE-2024-7782

CVE-2024-7782 affects the WordPress plugin Contact Form by Bit Form (versions 2.0–2.13.4). The issue is due to insufficient file path validation in the iconRemove function, enabling authenticated attackers with Administrator+ privileges to delete arbitrary files on the server, with potential remo...

8.7CVSS8.8AI score0.00915EPSS
CVE
CVE
added 2024/03/13 3:26 p.m.47 views

CVE-2024-1640

CVE-2024-1640 pertains to the WordPress plugin “Contact Form Builder by Bit Form” (Bit Form). The issue is insufficient user validation in the bitforms_update_form_entry AJAX action across all versions up to 2.10.1, enabling unauthenticated attackers to modify form submissions. The Red Hat adviso...

5.3CVSS6AI score0.00481EPSS