5 matches found
CVE-2026-8891 BitForm <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The BitForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bitform' shortcode in versions up to, and including, 1.1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes 'width' and 'height' in the...
PT-2026-43527
The BitForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bitform' shortcode in versions up to, and including, 1.1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes 'width' and 'height' in the...
WordPress BitForm plugin 2.0 - 2.13.9 - Authenticated (Administrator+) Arbitrary JavaScript File Uploads vulnerability
WordPress BitForm plugin 2.0 - 2.13.9 - Authenticated Administrator+ Arbitrary JavaScript File Uploads vulnerability discovered by siunam in WordPress Plugin Bit Form versions 2.0 - 2.13.9...
WordPress BitForm plugin 2.0 - 2.13.9 - Authenticated (Administrator+) SQL Injection via getLogHistory Function vulnerability
WordPress BitForm plugin 2.0 - 2.13.9 - Authenticated Administrator+ SQL Injection via getLogHistory Function vulnerability discovered by siunam in WordPress Plugin Bit Form versions 2.0 - 2.13.9...
WordPress BitForm plugin 2.0 - 2.13.4 - Authenticated (Administrator+) Arbitrary File Deletion vulnerability
WordPress BitForm plugin 2.0 - 2.13.4 - Authenticated Administrator+ Arbitrary File Deletion vulnerability discovered by siunam in WordPress Plugin Bit Form versions 2.0 - 2.13.4...