CVE-2022-4774

The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution.
Configurations

Configuration 1 (hide)

cpe:2.3:a:bitapps:bit_form:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:35

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/2ae5c375-a6a0-4c0b-a9ef-e4d2a28bce5e - Exploit () https://wpscan.com/vulnerability/2ae5c375-a6a0-4c0b-a9ef-e4d2a28bce5e - Exploit

23 May 2023, 15:42

Type Values Removed Values Added
CPE cpe:2.3:a:bitapps:bit_form:*:*:*:*:*:wordpress:*:*
References (MISC) https://wpscan.com/vulnerability/2ae5c375-a6a0-4c0b-a9ef-e4d2a28bce5e - (MISC) https://wpscan.com/vulnerability/2ae5c375-a6a0-4c0b-a9ef-e4d2a28bce5e - Exploit
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

15 May 2023, 13:26

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-15 13:15

Updated : 2024-11-21 07:35


NVD link : CVE-2022-4774

Mitre link : CVE-2022-4774

CVE.ORG link : CVE-2022-4774


JSON object : View

Products Affected

bitapps

  • bit_form
CWE

No CWE.