Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2024-6123
CVE-2024-6123:
WordPress vulnerability analysis and mitigation
Overview
The Bit Form plugin for WordPress (versions up to 2.13.3) contains a vulnerability related to arbitrary file uploads due to missing file type validation in the 'iconUpload' function. This vulnerability was assigned CVE-2024-6123 and was discovered in July 2024 (NVD).
Technical details
The vulnerability stems from insufficient file type validation in the 'iconUpload' function within the WordPress Bit Form plugin. The issue has been assigned a CVSS v3.1 base score of 7.2 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) (Wordfence).
Impact
The vulnerability allows authenticated attackers with administrator-level permissions to upload arbitrary files to the affected site's server, potentially enabling remote code execution (NVD).
Mitigation and workarounds
Users should update their Bit Form plugin to a version newer than 2.13.3 to address this vulnerability. The issue has been patched in subsequent releases (Wordfence).
Additional resources
Source: This report was generated using AI
Related WordPress vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management