Felipe Restrepo Rodríguez

**Name of the Vulnerable Software and Affected Versions** Bit Form WordPress plugin versions prior to 1.9 **Description** The issue allows unauthenticated users to upload arbitrary file types, such as PHP or HTML files, to the server via the file upload form field, leading to Remote Code Execution. This is due to the lack of validation of file types uploaded through this field. **Recommendations** For versions prior to 1.9, update to version 1.9 or later to resolve the issue. As a temporary workaround, consider disabling the file upload form field until a patch is available. Restrict access to the server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NS WooCommerce Watermark WordPress plugin versions 2.11.3 and earlier **Description** The issue allows an unprivileged user to utilize the plugin's functionality to load images that may contain malware. This can be achieved by passing malicious domains through the vulnerable domain, effectively hiding their trace. **Recommendations** For versions 2.11.3 and earlier, update to a version later than 2.11.3 to resolve the issue. As a temporary workaround, consider restricting access to the image loading functionality of the NS WooCommerce Watermark WordPress plugin until a patch is available.