cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12190,https://securityvulnerability.io/vulnerability/CVE-2024-12190,Data Exposure in Bit Form Contact Form Plugin for WordPress,"The Contact Form by Bit Form, including its Multi Step Form, Calculation Contact Form, Payment Contact Form, and Custom Contact Form builder, contains a security vulnerability that exposes sensitive data. Due to a lack of necessary capability checks on the 'bitform-form-entry-edit' endpoint, authenticated users with Subscriber-level access and higher can access form submissions made by other users. This flaw affects all versions of the plugin up to and including 2.17.3, potentially compromising user privacy and data security on WordPress sites utilizing these contact forms.",Wordpress,"Contact Form By Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form Builder",4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-12-25T03:21:32.469Z,0
CVE-2024-9507,https://securityvulnerability.io/vulnerability/CVE-2024-9507,Arbitrary File Read Vulnerability in Contact Form Plugin,"The Contact Form plugin by Bit Form for WordPress contains a vulnerability due to improper input validation in the iconUpload function. This flaw allows authenticated users with Administrator-level access to launch a PHP filter chain attack that can read arbitrary files on the server. As a result, sensitive information stored in these files may be exposed, posing significant risks to data integrity and security.",Wordpress,"Contact Form By Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form Builder",4.9,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-10-11T07:37:45.931Z,0
CVE-2024-7782,https://securityvulnerability.io/vulnerability/CVE-2024-7782,Arbitrary File Deletion Vulnerability in Contact Form Plugin,"The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove function in versions 2.0 to 2.13.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).",Wordpress,"Contact Form By Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form Builder",6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-08-20T03:21:11.466Z,0
CVE-2024-7780,https://securityvulnerability.io/vulnerability/CVE-2024-7780,Vulnerability in Bit Form's Multi Step Form Plugin Could Allow SQL Injection,"The Contact Form by Bit Form plugin for WordPress is susceptible to a SQL Injection flaw via the 'id' parameter in versions ranging from 2.0 to 2.13.9. This vulnerability arises from inadequate input escaping and a lack of robust SQL query preparation, allowing authenticated attackers with Administrator privileges or higher to inject additional SQL commands into existing queries. This attack vector potentially exposes sensitive data from the database, making it critical for site administrators to secure their installations and apply necessary updates.",Wordpress,"Contact Form By Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form Builder",7.2,HIGH,0.0008299999753944576,false,,false,false,false,,false,false,2024-08-20T03:21:10.510Z,0
CVE-2024-7777,https://securityvulnerability.io/vulnerability/CVE-2024-7777,Arbitrary File Read and Deletion Vulnerability in Contact Form Plugin,"The Contact Form by Bit Form plugin on WordPress is susceptible to vulnerabilities in multiple functions that lack proper file path validation. Versions ranging from 2.0 to 2.13.9 are impacted, allowing authenticated attackers with Administrator-level access to read and delete arbitrary files on the server. This vulnerability poses significant risks, as deleting critical files such as wp-config.php can lead to remote code execution, compromising the security and integrity of the WordPress site.",Wordpress,"Contact Form By Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form Builder",9,CRITICAL,0.0006200000061653554,false,,false,false,false,,false,false,2024-08-20T03:21:08.998Z,0
CVE-2024-7775,https://securityvulnerability.io/vulnerability/CVE-2024-7775,Arbitrary JavaScript File Uploads Vulnerability in Bit Form Contact Form plugin,"The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary JavaScript files to the affected site's server.",Wordpress,"Contact Form By Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form Builder",4.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-08-20T03:21:08.498Z,0
CVE-2024-7702,https://securityvulnerability.io/vulnerability/CVE-2024-7702," integrable SQL Injection Vulnerability Affects Contact Form Plugin","The Contact Form plugin by Bit Form, encompassing multiple functionalities like Multi Step Form, Calculation Contact Form, Payment Contact Form, and Custom Contact Form builder, is susceptible to SQL injection attacks. This security flaw arises from inadequate escaping of the user-supplied entryID parameter, combined with insufficient preparation in the SQL query. Authenticated users with Administrator-level access or higher may exploit this vulnerability to append malicious SQL queries, potentially enabling them to access sensitive information from the database.",Wordpress,"Contact Form By Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form Builder",7.2,HIGH,0.0005000000237487257,false,,false,false,false,,false,false,2024-08-20T03:21:07.859Z,0
CVE-2024-6123,https://securityvulnerability.io/vulnerability/CVE-2024-6123,Bit Form <= 2.13.3 - Authenticated (Administrator+) Arbitrary File Upload,"The Bit Form plugin for WordPress presents a significant vulnerability involving arbitrary file uploads due to inadequate file type validation in the 'iconUpload' function. This flaw affects all versions of the plugin up to and including 2.13.3. When exploited by authenticated users with administrator-level permissions, it allows the potential for unauthorized uploads of arbitrary files to the server. Such actions could lead to serious issues, including remote code execution, posing a substantial risk to the integrity and security of affected WordPress sites. Site administrators are advised to review their plugin versions and consider applying necessary security measures.",Wordpress,"Contact Form By Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form Builder",7.2,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-07-09T08:15:00.000Z,0