CVE-2022-4774

Published: May 15, 2023Modified: Jan 24, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution.

Affected (1)

Products: Bitapps: Bit Form

Bitapps

1 product

Bit Form

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Bitapps Bit Form	Before 1.9

References (2)

https://wpscan.com/vulnerability/2ae5c375-a6a0-4c0b-a9ef-e4d2a28bce5e

Source: contact@wpscan.com

Exploit

https://wpscan.com/vulnerability/2ae5c375-a6a0-4c0b-a9ef-e4d2a28bce5e

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.