CVE-2024-6123
📋 TL;DR
The Bit Form WordPress plugin allows authenticated attackers with administrator permissions to upload arbitrary files due to missing file type validation. This vulnerability can lead to remote code execution on affected WordPress sites. Only WordPress sites using vulnerable versions of the Bit Form plugin are affected.
💻 Affected Systems
- Bit Form WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete server compromise, data theft, malware deployment, or site defacement.
Likely Case
Unauthorized file upload leading to webshell installation and persistent backdoor access.
If Mitigated
Limited impact with proper file upload restrictions and administrator account security.
🎯 Exploit Status
Exploitation requires administrator credentials but is technically simple once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.13.4 and later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3114814/bit-form/trunk/includes/Admin/AdminAjax.php
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find Bit Form plugin. 4. Click 'Update Now' if available. 5. Alternatively, download version 2.13.4+ from WordPress.org and manually update.
🔧 Temporary Workarounds
Disable Bit Form Plugin
allTemporarily disable the vulnerable plugin until patched.
wp plugin deactivate bit-form
Restrict File Uploads via .htaccess
linuxBlock execution of uploaded files in upload directories.
Add to .htaccess in wp-content/uploads: <Files *.php> deny from all </Files>
🧯 If You Can't Patch
- Implement strict file upload validation at web server level
- Monitor administrator account activity and implement multi-factor authentication
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Bit Form → Version number. If version is 2.13.3 or lower, you are vulnerable.Check Version:
wp plugin get bit-form --field=versionVerify Fix Applied:
Verify Bit Form plugin version is 2.13.4 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to wp-content/uploads via /wp-admin/admin-ajax.php
- POST requests to iconUpload endpoint with non-image files
Network Indicators:
- HTTP POST to /wp-admin/admin-ajax.php with action=iconUpload containing executable files
SIEM Query:
source="web_access.log" AND uri="/wp-admin/admin-ajax.php" AND method="POST" AND params.action="iconUpload" AND NOT params.filetype IN ("image/jpeg", "image/png", "image/gif")🔗 References
- https://plugins.trac.wordpress.org/browser/bit-form/tags/2.12.2/includes/Admin/AdminAjax.php#L1176
- https://plugins.trac.wordpress.org/changeset/3114814/bit-form/trunk/includes/Admin/AdminAjax.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/6d1b255f-d775-4bd5-892e-42bf82dd5632?source=cve
- https://plugins.trac.wordpress.org/browser/bit-form/tags/2.12.2/includes/Admin/AdminAjax.php#L1176
- https://www.wordfence.com/threat-intel/vulnerabilities/id/6d1b255f-d775-4bd5-892e-42bf82dd5632?source=cve
