cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12616,https://securityvulnerability.io/vulnerability/CVE-2024-12616,Unauthorized Data Modification in Bitly Plugin for WordPress,"The Bitly's WordPress Plugin is susceptible to unauthorized modification of settings due to a lack of proper capability checks on several AJAX actions. This vulnerability affects all versions up to and including 2.7.3, enabling authenticated attackers—specifically those with Subscriber-level access or higher—to manipulate plugin settings without appropriate permissions, thus posing risks to data integrity and security.",Wordpress,Bitly's WordPress Plugin,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,false,false,false,2025-01-09T11:11:03.339Z,0
CVE-2024-12190,https://securityvulnerability.io/vulnerability/CVE-2024-12190,Data Exposure in Bit Form Contact Form Plugin for WordPress,"The Contact Form by Bit Form, including its Multi Step Form, Calculation Contact Form, Payment Contact Form, and Custom Contact Form builder, contains a security vulnerability that exposes sensitive data. Due to a lack of necessary capability checks on the 'bitform-form-entry-edit' endpoint, authenticated users with Subscriber-level access and higher can access form submissions made by other users. This flaw affects all versions of the plugin up to and including 2.17.3, potentially compromising user privacy and data security on WordPress sites utilizing these contact forms.",Wordpress,"Contact Form By Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form Builder",4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-12-25T03:21:32.469Z,0
CVE-2024-9507,https://securityvulnerability.io/vulnerability/CVE-2024-9507,Arbitrary File Read Vulnerability in Contact Form Plugin,"The Contact Form plugin by Bit Form for WordPress contains a vulnerability due to improper input validation in the iconUpload function. This flaw allows authenticated users with Administrator-level access to launch a PHP filter chain attack that can read arbitrary files on the server. As a result, sensitive information stored in these files may be exposed, posing significant risks to data integrity and security.",Wordpress,"Contact Form By Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form Builder",4.9,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-10-11T07:37:45.931Z,0
CVE-2024-8743,https://securityvulnerability.io/vulnerability/CVE-2024-8743,Limited JavaScript File Upload Vulnerability in Bit File Manager,"The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.5.7. This is due to a lack of proper checks on allowed file types. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an administrator, to upload .css and .js files, which could lead to Stored Cross-Site Scripting.",Wordpress,Bit File Manager – 100% Free & Open Source File Manager And Code Editor For WordPress,6.8,MEDIUM,0.0005000000237487257,false,,false,false,true,true,false,false,2024-10-05T06:44:10.696Z,0
CVE-2024-7770,https://securityvulnerability.io/vulnerability/CVE-2024-7770,Arbitrary File Uploads Vulnerability in Bit File Manager,"The Bit File Manager, a widely used file management tool for WordPress, is subject to a vulnerability allowing authenticated attackers with Subscriber-level access and upload permissions to execute arbitrary file uploads. This occurs due to insufficient validation of file types in the upload function across all versions up to and including 6.5.5. Malicious users could potentially exploit this flaw to deliver harmful files to the server, raising concerns regarding remote code execution and overall website security.",Wordpress,Bit File Manager – 100% Free & Open Source File Manager And Code Editor For WordPress,8.8,HIGH,0.0008900000248104334,false,,false,false,false,,false,false,2024-09-10T10:59:05.034Z,0
CVE-2024-7627,https://securityvulnerability.io/vulnerability/CVE-2024-7627,Temporary File Vulnerability Affects Bit File Manager WordPress Plugin,"The Bit File Manager plugin for WordPress has a vulnerability that allows remote code execution. This issue arises from the 'checkSyntax' function, which inadequately validates files before creating a temporary file in a publicly accessible directory. As a result, if an administrator has granted Guest User read permissions, unauthenticated attackers can potentially execute arbitrary code on the server. Website owners using the affected versions of this plugin should take immediate action to secure their sites against this vulnerability.",Wordpress,Bit File Manager – 100% Free & Open Source File Manager And Code Editor For WordPress,8.1,HIGH,0.0005600000149570405,false,,false,false,true,true,false,false,2024-09-05T02:04:24.643Z,0
CVE-2024-7782,https://securityvulnerability.io/vulnerability/CVE-2024-7782,Arbitrary File Deletion Vulnerability in Contact Form Plugin,"The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove function in versions 2.0 to 2.13.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).",Wordpress,"Contact Form By Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form Builder",6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-08-20T03:21:11.466Z,0
CVE-2024-7780,https://securityvulnerability.io/vulnerability/CVE-2024-7780,Vulnerability in Bit Form's Multi Step Form Plugin Could Allow SQL Injection,"The Contact Form by Bit Form plugin for WordPress is susceptible to a SQL Injection flaw via the 'id' parameter in versions ranging from 2.0 to 2.13.9. This vulnerability arises from inadequate input escaping and a lack of robust SQL query preparation, allowing authenticated attackers with Administrator privileges or higher to inject additional SQL commands into existing queries. This attack vector potentially exposes sensitive data from the database, making it critical for site administrators to secure their installations and apply necessary updates.",Wordpress,"Contact Form By Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form Builder",7.2,HIGH,0.0008299999753944576,false,,false,false,false,,false,false,2024-08-20T03:21:10.510Z,0
CVE-2024-7777,https://securityvulnerability.io/vulnerability/CVE-2024-7777,Arbitrary File Read and Deletion Vulnerability in Contact Form Plugin,"The Contact Form by Bit Form plugin on WordPress is susceptible to vulnerabilities in multiple functions that lack proper file path validation. Versions ranging from 2.0 to 2.13.9 are impacted, allowing authenticated attackers with Administrator-level access to read and delete arbitrary files on the server. This vulnerability poses significant risks, as deleting critical files such as wp-config.php can lead to remote code execution, compromising the security and integrity of the WordPress site.",Wordpress,"Contact Form By Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form Builder",9,CRITICAL,0.0006200000061653554,false,,false,false,false,,false,false,2024-08-20T03:21:08.998Z,0
CVE-2024-7775,https://securityvulnerability.io/vulnerability/CVE-2024-7775,Arbitrary JavaScript File Uploads Vulnerability in Bit Form Contact Form plugin,"The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary JavaScript files to the affected site's server.",Wordpress,"Contact Form By Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form Builder",4.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-08-20T03:21:08.498Z,0
CVE-2024-7702,https://securityvulnerability.io/vulnerability/CVE-2024-7702,"integrable SQL Injection Vulnerability Affects Contact Form Plugin","The Contact Form plugin by Bit Form, encompassing multiple functionalities like Multi Step Form, Calculation Contact Form, Payment Contact Form, and Custom Contact Form builder, is susceptible to SQL injection attacks. This security flaw arises from inadequate escaping of the user-supplied entryID parameter, combined with insufficient preparation in the SQL query. Authenticated users with Administrator-level access or higher may exploit this vulnerability to append malicious SQL queries, potentially enabling them to access sensitive information from the database.",Wordpress,"Contact Form By Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form Builder",7.2,HIGH,0.0005000000237487257,false,,false,false,false,,false,false,2024-08-20T03:21:07.859Z,0
CVE-2024-6123,https://securityvulnerability.io/vulnerability/CVE-2024-6123,Bit Form <= 2.13.3 - Authenticated (Administrator+) Arbitrary File Upload,"The Bit Form plugin for WordPress presents a significant vulnerability involving arbitrary file uploads due to inadequate file type validation in the 'iconUpload' function. This flaw affects all versions of the plugin up to and including 2.13.3. When exploited by authenticated users with administrator-level permissions, it allows the potential for unauthorized uploads of arbitrary files to the server. Such actions could lead to serious issues, including remote code execution, posing a substantial risk to the integrity and security of affected WordPress sites. Site administrators are advised to review their plugin versions and consider applying necessary security measures.",Wordpress,"Contact Form By Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form Builder",7.2,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-07-09T08:15:00.000Z,0
CVE-2024-1640,https://securityvulnerability.io/vulnerability/CVE-2024-1640,Unauthorized Data Modification in Bit Form Plugin for WordPress,"The Contact Form Builder Plugin by Bit Form for WordPress contains a flaw that allows unauthenticated users to modify form submissions through insufficient user validation on the bitforms_update_form_entry AJAX action. This vulnerability affects all versions of the plugin up to and including 2.10.1, posing a significant risk for websites utilizing this plugin.",Wordpress,"Contact Form Builder By Bit Form: Create Contact Form, Multi Step Form, Conversational Form",5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-13T15:26:47.390Z,0
CVE-2023-5577,https://securityvulnerability.io/vulnerability/CVE-2023-5577,Stored Cross-Site Scripting Vulnerability in Bitly Plugin for WordPress,"The Bitly plugin for WordPress is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability via the 'wpbitly' shortcode. This affects all versions up to and including 2.7.1, allowing authenticated attackers with contributor-level permissions or higher to inject malicious scripts. Due to insufficient input sanitization and output escaping on user-supplied attributes, when users access affected pages, arbitrary web scripts could execute, potentially leading to session hijacking and data theft.",Wordpress,Bitly's WordPress Plugin,5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2023-11-07T12:15:00.000Z,0
CVE-2023-3645,https://securityvulnerability.io/vulnerability/CVE-2023-3645,Contact Form Builder by Bit Form < 2.2.0 - Admin+ Stored XSS,"The Contact Form Builder by Bit Form WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,Contact Form Builder By Bit Form,4.8,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2023-08-14T20:15:00.000Z,0
CVE-2022-4774,https://securityvulnerability.io/vulnerability/CVE-2022-4774,Bit Form < 1.9 - RCE via Unauthenticated Arbitrary File Upload,"The Bit Form WordPress plugin, prior to version 1.9, lacks proper validation for file types uploaded through its file upload form field. This oversight allows unauthenticated users to upload potentially harmful file types, such as PHP and HTML, directly to the server. Such uploads can lead to serious security risks, including remote code execution, where attackers can execute arbitrary code on the server, compromising the integrity and confidentiality of affected sites.",Wordpress,Bit Form,9.8,CRITICAL,0.015449999831616879,false,,false,false,true,true,false,false,2023-05-15T12:15:44.681Z,0