3 matches found
CVE-2024-13450
CVE-2024-13450 refers to the WordPress plugin “Contact Form by Bit Form” (versions ≤ 2.17.4). The issue is an authenticated SSRF via the Webhooks integration, allowing an attacker with Administrator-level access (and in multisite) to trigger web requests from the application to arbitrary internal...
CVE-2023-3645
CVE-2023-3645 affects the WordPress plugin Contact Form Builder by Bit Form (pre-2.2.0). Vulnerability: Stored XSS due to insufficient sanitization/escaping of settings, enabling admin+ attackers to inject scripts even when unfiltered_html is disallowed (e.g., multisite). Affected product/version...
CVE-2024-1640
CVE-2024-1640 pertains to the WordPress plugin “Contact Form Builder by Bit Form” (Bit Form). The issue is insufficient user validation in the bitforms_update_form_entry AJAX action across all versions up to 2.10.1, enabling unauthenticated attackers to modify form submissions. The Red Hat adviso...