Bitapps

Contact Form Builder

8 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2024-13450

  • EPSS 0.34%
  • Veröffentlicht 25.01.2025 09:15:07
  • Zuletzt bearbeitet 04.02.2025 20:48:58

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.17.4 via the Webhook...

6.5

CVE-2024-7782

  • EPSS 10.11%
  • Veröffentlicht 20.08.2024 04:15:11
  • Zuletzt bearbeitet 26.08.2024 18:21:12

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove funct...

4.8

CVE-2024-7775

  • EPSS 0.25%
  • Veröffentlicht 20.08.2024 04:15:10
  • Zuletzt bearbeitet 26.08.2024 18:18:22

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode f...

9

CVE-2024-7777

  • EPSS 4.03%
  • Veröffentlicht 20.08.2024 04:15:10
  • Zuletzt bearbeitet 26.08.2024 18:19:19

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in multiple fu...

7.2

CVE-2024-7780

  • EPSS 0.68%
  • Veröffentlicht 20.08.2024 04:15:10
  • Zuletzt bearbeitet 26.08.2024 18:19:59

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the id parameter in versions 2.0 to 2.13.9 due to insufficient...

7.2

CVE-2024-7702

  • EPSS 0.69%
  • Veröffentlicht 20.08.2024 04:15:09
  • Zuletzt bearbeitet 26.08.2024 18:15:46

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the entryID parameter in versions 2.0 to 2.13.9 due to insuffi...

5.3

CVE-2024-1640

  • EPSS 0.28%
  • Veröffentlicht 13.03.2024 16:15:24
  • Zuletzt bearbeitet 03.04.2025 13:12:35

The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient user validation on the bitforms_update_form_e...

4.8

CVE-2023-3645

Exploit
  • EPSS 0.1%
  • Veröffentlicht 14.08.2023 20:15:12
  • Zuletzt bearbeitet 21.11.2024 08:17:44

The Contact Form Builder by Bit Form WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html ca...