The Bit Form WordPress plugin (versions up to 3.1.1) is vulnerable to arbitrary file deletion due to insufficient file path validation, allowing authenticated attackers with subscriber-level access to delete critical server files like wp-config.php, potentially leading to remote code execution.
The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress
wordpress
plugin
vulnerability
web
rce
file-deletion
3t
1c