Vulnerabilities and security researches forbit-integrations bit-integrations

Jun 19, 2026

CVE, Research URL: CVE-2026-11989
Home page URL: Security reports for Webhook Automator & Form Integration to Automate 200+ Platforms – Bit Integrations
Application: Webhook Automator & Form Integration to Automate 200+ Platforms – Bit Integrations
Date: Jun 19, 2026
Research Description: The Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.7 via the upload_attachment. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Exploitation requires a form integration to be configured with a field mapped to a WooCommerce product image, product gallery, downloadable files, or Google Contacts attachment field, which is a default use case for these integrations.
Affected versions: max 2.8.8.
Status: vulnerable

Apr 02, 2025

CVE, Research URL: CVE-2025-30884
Home page URL: Security reports for Webhook Automator & Form Integration to Automate 200+ Platforms – Bit Integrations
Application: Webhook Automator & Form Integration to Automate 200+ Platforms – Bit Integrations
Date: Mar 27, 2025
Research Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bit Apps Bit Integrations bit-integrations allows Phishing.This issue affects Bit Integrations: from n/a through <= 2.4.10.
Affected versions: max 2.5.0.
Status: vulnerable