CVE-2022-4774

Name of the Vulnerable Software and Affected Versions Bit Form WordPress plugin versions prior to 1.9

Description The issue allows unauthenticated users to upload arbitrary file types, such as PHP or HTML files, to the server via the file upload form field, leading to Remote Code Execution. This is due to the lack of validation of file types uploaded through this field.

Recommendations For versions prior to 1.9, update to version 1.9 or later to resolve the issue. As a temporary workaround, consider disabling the file upload form field until a patch is available. Restrict access to the server to minimize the risk of exploitation.