Input validation vulnerability in Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.13.9

“Contact Form by Bit Form”, a popular contact form plugin for WordPress, has a SQL injection vulnerability that allows attackers to access sensitive information. The vulnerability exists in versions 2.0 to 2.13.9 of the plugin because it does not properly protect against malicious user input. As a result, attackers with high-level access can append their own queries to the existing ones and read private data from the website’s database.

This information is sourced from www.wpvulnerability.com, an open-source database of vulnerabilities maintained by the community.

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

">" : from 2.2.8
"=" : including 2.2.8 and 2.2.21
"<" : to 2.2.21
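
To check an installed plugin version against a range written in this notation, the following added example (not code from this site or from the plugin) parses the expression and compares versions component by component. It assumes purely numeric dotted versions, also accepts strict ">", "<" and "=" beyond the inclusive forms explained above, and the names parse_version, parse_range, is_affected and BIT_FORM_RANGE are illustrative.

```python
import re

# One constraint such as ">= 2.2.8": an operator followed by a dotted version.
_CONSTRAINT = re.compile(r"(>=|<=|>|<|=)\s*(\d+(?:\.\d+)*)")

_OPS = {
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
    "=": lambda a, b: a == b,
}

def parse_version(text):
    """Turn '2.13.9' into (2, 13, 9) so each component compares as an integer.

    Comparing the raw strings would sort '2.13.10' before '2.13.9' and
    '2.9.1' after '2.13.9', which misclassifies both.
    """
    return tuple(int(part) for part in text.strip().split("."))

def _pad(a, b):
    """Right-pad the shorter tuple with zeros so 2.0 and 2.0.0 compare equal."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)), b + (0,) * (width - len(b))

def parse_range(expr):
    """Parse '>= 2.2.8 <= 2.2.21' into [('>=', (2, 2, 8)), ('<=', (2, 2, 21))]."""
    constraints = [(op, parse_version(v)) for op, v in _CONSTRAINT.findall(expr)]
    leftover = _CONSTRAINT.sub("", expr).strip()
    if not constraints or leftover:
        raise ValueError(f"unrecognised version range: {expr!r}")
    return constraints

def is_affected(installed, expr):
    """True when the installed version satisfies every constraint in expr."""
    version = parse_version(installed)
    return all(_OPS[op](*_pad(version, bound)) for op, bound in parse_range(expr))

# Range written from the advisory text above (versions 2.0 to 2.13.9).
BIT_FORM_RANGE = ">= 2.0 <= 2.13.9"

if __name__ == "__main__":
    # Constructed sample versions, not taken from any real site inventory.
    for v in ("1.9.5", "2.0", "2.9.1", "2.13.9", "2.13.10"):
        state = "in listed range" if is_affected(v, BIT_FORM_RANGE) else "outside listed range"
        print(f"{v}: {state}")
```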
