Skip to main content

Bit Integrations Form Integration Webhook Spreadsheets Crm Lms Email Automation

1 CVEs product

Monthly

CVE-2026-11989 MEDIUM This Month

Server-Side Request Forgery in the Bit Integrations WordPress plugin (all versions through 2.8.7) allows unauthenticated attackers to force the web server to issue arbitrary HTTP requests to internal or external locations via the upload_attachment function. Exploitation enables querying and modifying data from internal services reachable by the web server, including metadata services in cloud environments, internal APIs, or private network endpoints. No public exploit is identified at time of analysis, but the attack requires only a default integration configuration, substantially lowering the practical barrier to exploitation.

Google WordPress SSRF Bit Integrations Form Integration Webhook Spreadsheets Crm Lms Email Automation
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
EPSS 0% CVSS 6.5
MEDIUM This Month

Server-Side Request Forgery in the Bit Integrations WordPress plugin (all versions through 2.8.7) allows unauthenticated attackers to force the web server to issue arbitrary HTTP requests to internal or external locations via the upload_attachment function. Exploitation enables querying and modifying data from internal services reachable by the web server, including metadata services in cloud environments, internal APIs, or private network endpoints. No public exploit is identified at time of analysis, but the attack requires only a default integration configuration, substantially lowering the practical barrier to exploitation.

Google WordPress SSRF +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy