CVE-2022-4774

critical

Description

The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution.

References

https://wpscan.com/vulnerability/2ae5c375-a6a0-4c0b-a9ef-e4d2a28bce5e

Details

Source: Mitre, NVD

Published: 2023-05-15

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H