Vulnerabilities > Bitapps > Contact Form Builder > 2.2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-25 | CVE-2024-13450 | Server-Side Request Forgery (SSRF) vulnerability in Bitapps Contact Form Builder The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.17.4 via the Webhooks integration. | 6.5 |
| 2024-08-20 | CVE-2024-7702 | SQL Injection vulnerability in Bitapps Contact Form Builder The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the entryID parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.2 |
| 2024-08-20 | CVE-2024-7775 | Cross-site Scripting vulnerability in Bitapps Contact Form Builder The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. | 4.8 |
| 2024-08-20 | CVE-2024-7777 | Path Traversal vulnerability in Bitapps Contact Form Builder The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in multiple functions in versions 2.0 to 2.13.9. | 9.0 |
| 2024-08-20 | CVE-2024-7780 | SQL Injection vulnerability in Bitapps Contact Form Builder The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the id parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.2 |
| 2024-08-20 | CVE-2024-7782 | Path Traversal vulnerability in Bitapps Contact Form Builder The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove function in versions 2.0 to 2.13.4. | 6.5 |