cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forbit-integrations bit-integrations

Direction: ascending
Apr 02, 2025

Webhook Automator & Form Integration to Automate 200+ Platforms – Bit Integrations # CVE-2025-30884

CVE, Research URL

CVE-2025-30884

Home page URL

Security reports for Webhook Automator & Form Integration to Automate 200+ Platforms – Bit Integrations

Application

Webhook Automator & Form Integration to Automate 200+ Platforms – Bit Integrations

Date
Mar 27, 2025
Research Description
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bit Apps Bit Integrations bit-integrations allows Phishing.This issue affects Bit Integrations: from n/a through <= 2.4.10.
Affected versions
max 2.5.0.
Status
vulnerable
Jun 19, 2026

Webhook Automator &amp; Form Integration to Automate 200+ Platforms – Bit Integrations # CVE-2026-11989

CVE, Research URL

CVE-2026-11989

Home page URL

Security reports for Webhook Automator &amp; Form Integration to Automate 200+ Platforms – Bit Integrations

Application

Webhook Automator &amp; Form Integration to Automate 200+ Platforms – Bit Integrations

Date
Jun 19, 2026
Research Description
The Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.7 via the upload_attachment. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Exploitation requires a form integration to be configured with a field mapped to a WooCommerce product image, product gallery, downloadable files, or Google Contacts attachment field, which is a default use case for these integrations.
Affected versions
max 2.8.8.
Status
vulnerable