← Back to CVEs
CVE-2022-4774
CRITICAL9.8
Description
The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published5/15/2023
Last Modified1/24/2025
Sourcenvd
Honeypot Sightings0
Affected Products
bitapps:bit_form
References
https://wpscan.com/vulnerability/2ae5c375-a6a0-4c0b-a9ef-e4d2a28bce5e(contact@wpscan.com)
https://wpscan.com/vulnerability/2ae5c375-a6a0-4c0b-a9ef-e4d2a28bce5e(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.