PT-2025-33446 · WordPress · Bit Form Builder

Phat Rio · Published 2025-08-15 · Updated 2025-08-20 · CVE-2025-6679

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Bit Form builder plugin for WordPress versions up to and including 2.20.4
Description: The Bit Form builder plugin for WordPress is susceptible to arbitrary file uploads due to a lack of file type validation. This allows unauthenticated attackers to upload arbitrary files to the affected server, potentially leading to remote code execution. Exploitation requires the PRO version to be installed and activated, as well as a published form with an advanced file upload element.
Recommendations: Update the Bit Form builder plugin to a version newer than 2.20.4.

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2025-6679
Affected Products: Bit Form Builder