14 matches found
CVE-2026-8891
The BitForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bitform' shortcode in versions up to, and including, 1.1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes 'width' and 'height' in the...
CVE-2026-8891
The CVE-2026-8891 entry concerns the BitForm WordPress plugin. Affected component: BitForm shortcode handling in WordPress plugin versions up to and including 1.1.0. Root cause: insufficient input sanitization and output escaping on user-supplied shortcode attributes (width and height) in Shortco...
CVE-2026-8891 BitForm <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The BitForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bitform' shortcode in versions up to, and including, 1.1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes 'width' and 'height' in the...
EUVD-2026-32077
The BitForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bitform' shortcode in versions up to, and including, 1.1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes 'width' and 'height' in the...
CVE-2026-8891
The BitForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bitform' shortcode in versions up to, and including, 1.1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes 'width' and 'height' in the...
CVE-2026-8891 BitForm <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The BitForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bitform' shortcode in versions up to, and including, 1.1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes 'width' and 'height' in the...
WordPress plugin BitForm cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-43527
The BitForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bitform' shortcode in versions up to, and including, 1.1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes 'width' and 'height' in the...
WordPress BitForm – Data management solution for WordPress plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BitForm – Data management solution for WordPress versions <= 1.1.0...
WordPress plugin Contact Form by Bit Form code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin. A code issue vulnerability exists in WordPres...
WordPress BitForm plugin 2.0 - 2.13.9 - Authenticated (Administrator+) Arbitrary File Read And Deletion vulnerability
WordPress BitForm plugin 2.0 - 2.13.9 - Authenticated Administrator+ Arbitrary File Read And Deletion vulnerability discovered by siunam in WordPress Plugin Bit Form versions 2.0 - 2.13.9...
WordPress BitForm plugin 2.0 - 2.13.9 - Authenticated (Administrator+) Arbitrary JavaScript File Uploads vulnerability
WordPress BitForm plugin 2.0 - 2.13.9 - Authenticated Administrator+ Arbitrary JavaScript File Uploads vulnerability discovered by siunam in WordPress Plugin Bit Form versions 2.0 - 2.13.9...
WordPress BitForm plugin 2.0 - 2.13.9 - Authenticated (Administrator+) SQL Injection via getLogHistory Function vulnerability
WordPress BitForm plugin 2.0 - 2.13.9 - Authenticated Administrator+ SQL Injection via getLogHistory Function vulnerability discovered by siunam in WordPress Plugin Bit Form versions 2.0 - 2.13.9...
WordPress BitForm plugin 2.0 - 2.13.4 - Authenticated (Administrator+) Arbitrary File Deletion vulnerability
WordPress BitForm plugin 2.0 - 2.13.4 - Authenticated Administrator+ Arbitrary File Deletion vulnerability discovered by siunam in WordPress Plugin Bit Form versions 2.0 - 2.13.4...