232 matches found
CVE-2026-14372
The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for...
EUVD-2026-42564
The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for...
CVE-2026-14372
The Bit Form WordPress plugin (Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder) is affected up to version 3.1.1 due to insufficient file path validation in deleteFiles, enabling authenticated users with subscriber+ to delete arbitrary server files (poten...
CVE-2026-14372 Bit Form <= 3.1.1 - Authenticated (Subscriber+) Arbitrary File Deletion via '_old' Parameter
The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for...
CVE-2026-14372
The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for...
CVE-2026-25418
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Bit Apps Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through = 2.21.10...
CVE-2026-25418
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Bit Apps Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through = 2.21.10...
CVE-2026-25418 WordPress Bit Form plugin <= 2.21.10 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Bit Apps Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through = 2.21.10...
CVE-2026-25418
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bitpressadmin Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through = 2.21.10...
CVE-2026-25418 WordPress Bit Form plugin <= 2.21.10 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bitpressadmin Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through = 2.21.10...
CVE-2026-25418
The CVE-2026-25418 entry describes an SQL Injection vulnerability in WordPress Bit Form bit-form (affected: Bit Form
WordPress plugin Bit Form 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
PT-2026-20740
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bitpressadmin Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through = 2.21.10...
WordPress Bit Form plugin 2.0 - 2.13.9 - Authenticated (Administrator+) SQL Injection vulnerability
WordPress Bit Form plugin 2.0 - 2.13.9 - Authenticated Administrator+ SQL Injection vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin Bit Form versions 2.0-2.13.9...
WordPress Bit Form plugin <= 2.21.10 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Bit Form versions = 2.21.10...
CVE-2025-14901
The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...
CVE-2025-14901
The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...
WordPress Bit Form - Contact Form Plugin plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay vulnerability
WordPress Bit Form - Contact Form Plugin plugin = 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay vulnerability discovered by andrea bocchetti in WordPress Plugin Bit Form versions = 2.21.6...
CVE-2025-14901 Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay
The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...
CVE-2025-14901 Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay
The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...