Lucene search
K

232 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-14372

The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for...

7.1CVSS0.00691EPSS
Exploits0References13
EUVD
EUVD
added 6 days ago9 views

EUVD-2026-42564

The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for...

7.1CVSS6.7AI score0.00691EPSS
Exploits0References13
CVE
CVE
added 6 days ago11 views

CVE-2026-14372

The Bit Form WordPress plugin (Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder) is affected up to version 3.1.1 due to insufficient file path validation in deleteFiles, enabling authenticated users with subscriber+ to delete arbitrary server files (poten...

7.1CVSS6.7AI score0.00691EPSS
Exploits0References13
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-14372 Bit Form <= 3.1.1 - Authenticated (Subscriber+) Arbitrary File Deletion via '_old' Parameter

The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for...

7.1CVSS0.00691EPSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-14372

The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for...

7.1CVSS6.7AI score0.00691EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2026/02/20 1:26 p.m.6 views

CVE-2026-25418

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Bit Apps Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through = 2.21.10...

7.6CVSS5.9AI score0.00276EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 9:16 a.m.5 views

CVE-2026-25418

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Bit Apps Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through = 2.21.10...

7.6CVSS0.00276EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/19 8:27 a.m.33 views

CVE-2026-25418 WordPress Bit Form plugin <= 2.21.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Bit Apps Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through = 2.21.10...

7.6CVSS0.00276EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/19 8:27 a.m.3 views

CVE-2026-25418

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bitpressadmin Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through = 2.21.10...

5.8AI score0.00276EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/19 8:27 a.m.4 views

CVE-2026-25418 WordPress Bit Form plugin <= 2.21.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bitpressadmin Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through = 2.21.10...

5.8AI score0.00276EPSS
Exploits0References1
CVE
CVE
added 2026/02/19 8:27 a.m.15 views

CVE-2026-25418

The CVE-2026-25418 entry describes an SQL Injection vulnerability in WordPress Bit Form bit-form (affected: Bit Form

7.6CVSS5.9AI score0.00276EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.9 views

WordPress plugin Bit Form 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

7.6CVSS5.9AI score0.00276EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.6 views

PT-2026-20740

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bitpressadmin Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through = 2.21.10...

5.8AI score0.00276EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/02 8:26 a.m.7 views

WordPress Bit Form plugin 2.0 - 2.13.9 - Authenticated (Administrator+) SQL Injection vulnerability

WordPress Bit Form plugin 2.0 - 2.13.9 - Authenticated Administrator+ SQL Injection vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin Bit Form versions 2.0-2.13.9...

7.2CVSS5.7AI score0.00506EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 9:16 a.m.7 views

WordPress Bit Form plugin <= 2.21.10 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Bit Form versions = 2.21.10...

7.6CVSS5.9AI score0.00276EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.5 views

CVE-2025-14901

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

6.5CVSS5.8AI score0.0035EPSS
Exploits0References1
NVD
NVD
added 2026/01/07 12:16 p.m.5 views

CVE-2025-14901

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

6.5CVSS0.0035EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/07 7:38 a.m.7 views

WordPress Bit Form - Contact Form Plugin plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay vulnerability

WordPress Bit Form - Contact Form Plugin plugin = 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay vulnerability discovered by andrea bocchetti in WordPress Plugin Bit Form versions = 2.21.6...

6.5CVSS6.8AI score0.0035EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/07 6:35 a.m.5 views

CVE-2025-14901 Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

6.5CVSS5.5AI score0.0035EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/07 6:35 a.m.29 views

CVE-2025-14901 Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

6.5CVSS0.0035EPSS
Exploits0References4
Rows per page
Query Builder