cleantalk
Vulnerabilities and Security Researches

Webhook Automator & Form Integration to Automate 200+ Platforms – Bit Integrations, CVE-2026-11989

CVE, Research URL

CVE-2026-11989

Home page URL

Security reports for Webhook Automator & Form Integration to Automate 200+ Platforms – Bit Integrations

Application

Webhook Automator & Form Integration to Automate 200+ Platforms – Bit Integrations

Published on
Jun 19, 2026
Research Description
The Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.7 via the upload_attachment. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Exploitation requires a form integration to be configured with a field mapped to a WooCommerce product image, product gallery, downloadable files, or Google Contacts attachment field, which is a default use case for these integrations.
Affected versions
max 2.8.8.
Status
vulnerable
Previous vulnerability researches
Web Push Notifications by PushEngage: WordPress Push Notifications to Supercharge Your Engagement (CVE-2026-52698) , Jun 19, 2026
New vulnerability
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder (CVE-2026-11777) , Jun 19, 2026
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder (CVE-2026-11776) , Jun 19, 2026
LearnPress – WordPress LMS Plugin (CVE-2026-8383) , Jun 19, 2026
WP Travel Gutenberg Blocks (CVE-2026-54808) , Jun 19, 2026
BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support (CVE-2026-12157) , Jun 19, 2026