cbcvebase.

Bitapps Bit Form vulnerabilities

6 known vulnerabilities affecting bitapps/bit_form.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2022-4774P2CRITICALCVSS 9.8fixed in 1.92023-05-15
CVE-2022-4774 [CRITICAL] CWE-434 CVE-2022-4774: The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via it's file upl The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution.
nvd
CVE-2024-43249P3HIGHCVSS 8.8≤ 2.6.42024-08-19
CVE-2024-43249 [HIGH] CWE-434 CVE-2024-43249: Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form Pro allows Comman Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form Pro allows Command Injection.This issue affects Bit Form Pro: from n/a through 2.6.4.
nvd
CVE-2024-43248P3CRITICALCVSS 9.1≤ 2.6.42024-08-19
CVE-2024-43248 [CRITICAL] CWE-22 CVE-2024-43248: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bit Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bit Apps Bit Form Pro allows File Manipulation.This issue affects Bit Form Pro: from n/a through 2.6.4.
nvd
CVE-2024-13451P3HIGHCVSS 7.5fixed in 2.17.62025-07-02
CVE-2024-13451 [HIGH] CWE-200 CVE-2024-13451: The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Cust The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.17.4 via file uploads due to insufficient directory listing prevention and lack of randomization of file names. This mak
nvd
CVE-2024-43250P3MEDIUMCVSS 6.5≤ 2.6.42024-08-19
CVE-2024-43250 [MEDIUM] CWE-863 CVE-2024-43250: Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitformpro allows Accessing Functiona Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitformpro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bit Form Pro: from n/a through 2.6.4.
nvd
CVE-2024-43251P4MEDIUMCVSS 6.5≤ 2.6.42024-08-26
CVE-2024-43251 [MEDIUM] CWE-200 CVE-2024-43251: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bit Apps Bit Form Pro.Th Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bit Apps Bit Form Pro.This issue affects Bit Form Pro: from n/a through 2.6.4.
nvd
Bitapps Bit Form vulnerabilities | cvebase