CVE-2025-6679 is a critical vulnerability affecting the Bit Form plugin for WordPress, specifically the 'Bit Form – Custom Contact Form, Multi Step, Conversational, Payment & Quiz Form builder' developed by bitpressadmin. This vulnerability arises from improper validation of file types during upload processes (classified under CWE-434: Unrestricted Upload of File with Dangerous Type). The flaw exists in all versions up to and including 2.20.4. An unauthenticated attacker can exploit this vulnerability to upload arbitrary files to the server hosting the affected WordPress site. However, exploitation requires that the PRO version of the plugin is installed and activated, and that a form containing an advanced file upload element is published and accessible. The lack of file type validation means malicious files, such as web shells or scripts, can be uploaded, potentially leading to remote code execution (RCE). This can allow attackers to execute arbitrary commands on the server, compromising confidentiality, integrity, and availability of the affected system. The CVSS v3.1 base score is 9.8, indicating a critical severity with network attack vector, no privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. No known exploits are currently reported in the wild, but the high severity and ease of exploitation make this a significant threat to WordPress sites using this plugin, especially those with the PRO version and advanced file upload forms enabled.

For European organizations, this vulnerability poses a severe risk, particularly for businesses and institutions relying on WordPress websites with the Bit Form PRO plugin for customer interactions, payments, or quizzes. Successful exploitation could lead to full server compromise, data breaches involving sensitive customer or business data, defacement of websites, or use of the compromised server as a pivot point for further attacks within the organization's network. This could result in regulatory non-compliance issues under GDPR due to data exposure, financial losses from service disruption or fraud, and reputational damage. Organizations in sectors such as e-commerce, finance, healthcare, and public services that use WordPress extensively are especially at risk. The fact that no authentication or user interaction is required increases the likelihood of automated exploitation attempts, potentially leading to widespread impact if not mitigated promptly.

1. Immediate upgrade: Organizations should update the Bit Form plugin to a version where this vulnerability is patched once available. Since no patch links are currently provided, monitoring vendor announcements and WordPress plugin repositories for updates is critical. 2. Disable or remove the PRO version and advanced file upload elements if not essential, as exploitation requires these components. 3. Implement web application firewalls (WAFs) with rules to detect and block suspicious file upload attempts, especially those targeting the affected plugin endpoints. 4. Restrict file upload permissions and ensure that uploaded files are stored outside of the web root or in directories with strict execution permissions to prevent execution of malicious files. 5. Conduct regular security audits and scanning for web shells or unauthorized files on servers hosting WordPress sites. 6. Employ monitoring and alerting for unusual file upload activity or server behavior indicative of compromise. 7. Harden WordPress installations by following best practices, including least privilege principles for file and directory permissions and disabling unnecessary plugins or features. 8. Educate site administrators on the risks associated with enabling advanced file upload forms and encourage cautious configuration.