WordPress Bit Form – Contact Form plugin <= 2.20.3 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Bit Form versions = 2.20.3...

CVE-2025-6679 Contact Form by Bit Form - Bit Form <= 2.20.3 - Unauthenticated Arbitrary File Upload

The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.20.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote co...

CVE-2024-13451

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.17.4 via file uploads due to insufficient directory listing...

CVE-2024-13451 Contact Form by Bit Form <= 2.17.5 - Unauthenticated Sensitive Information Exposure

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.17.4 via file uploads due to insufficient directory listing...

CVE-2024-7775

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. This makes i...

CVE-2024-12190

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bitform-form-entry-edit endpoint in all versions up to, and...

CVE-2025-2580

The Contact Form by Bit Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.18.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access...

CVE-2025-2580

CVE-2025-2580 affects the WordPress plugin Contact Form by Bit Form (up to v2.18.3). It allows Stored XSS via SVG uploads, requiring Author+ authentication; arbitrary scripts can execute when users load the SVG. A patch exists (Patched), so upgrade to the fixed version to remediate; details in Wo...

CVE-2025-30885

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Bit Apps Bit Form bit-form allows Phishing.This issue affects Bit Form: from n/a through = 2.18.0...

CVE-2025-30885

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Bit Apps Bit Form bit-form allows Phishing.This issue affects Bit Form: from n/a through = 2.18.0...

WordPress Bit Form plugin <= 2.18.0 - Open Redirection vulnerability

Open Redirection vulnerability discovered by Le Ngoc Anh in WordPress Plugin Bit Form versions = 2.18.0...

CVE-2025-30885 WordPress Bit Form plugin <= 2.18.0 - Open Redirection vulnerability

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Bit Apps Bit Form bit-form allows Phishing.This issue affects Bit Form: from n/a through = 2.18.0...

CVE-2025-30885

CVE-2025-30885 is an Open Redirect vulnerability in Bit Form – Contact Form Plugin for WordPress. The WordPress plugin Bit Form &lt;= 2.18.0 is affected, enabling phishing via malicious redirects. The issue is tracked in CVE-2025-30885 and is listed as patched for Bit Form

CVE-2025-30885 WordPress Bit Form plugin <= 2.18.0 - Open Redirection vulnerability

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Bit Apps Bit Form bit-form allows Phishing.This issue affects Bit Form: from n/a through = 2.18.0...

CVE-2024-7777

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in multiple functions in versions 2.0 to 2.13.9. This makes i...

CVE-2024-7782

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove function in versions 2.0 to 2.13.4. This makes it...

CVE-2024-47335

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Bit Apps Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through = 2.13.11...

CVE-2024-47319

Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form bit-form.This issue affects Bit Form: from n/a through = 2.13.10...

CVE-2024-6123

The Bit Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'iconUpload' function in all versions up to, and including, 2.13.3. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload...

WordPress Bit Form – Contact Form plugin <= 2.17.4 - Authenticated (Administrator+) Server-Side Request Forgery vulnerability

Authenticated Administrator+ Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin Bit Form versions = 2.17.4...