Access violation vulnerability in Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.17.5

Bit Form’s Contact Form plugin for WordPress, which allows users to create multi-step, calculation, payment, and custom contact forms, has a security vulnerability in all versions up to and including 2.17.4. This vulnerability exposes sensitive information, such as files uploaded through the form, to unauthorized users. The issue stems from the plugin not properly preventing directory listings and not randomizing the names of uploaded files. While the vulnerability was partially fixed in version 2.17.5, it is still recommended to update to the latest version.

This information is sourced from www.wpvulnerability.com, an open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21