CVE-2025-30900 WordPress Zoho Billing – Embed Payment Form plugin <= 4.0 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zoho Subscriptions Zoho Billing – Embed Payment Form allows Stored XSS. This issue affects Zoho Billing – Embed Payment Form: from n/a through 4.0...

CVE-2025-30885

CVE-2025-30885 is an Open Redirect vulnerability in Bit Form – Contact Form Plugin for WordPress. The WordPress plugin Bit Form &lt;= 2.18.0 is affected, enabling phishing via malicious redirects. The issue is tracked in CVE-2025-30885 and is listed as patched for Bit Form

CVE-2025-30885 WordPress Bit Form plugin <= 2.18.0 - Open Redirection vulnerability

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Bit Apps Bit Form bit-form allows Phishing.This issue affects Bit Form: from n/a through = 2.18.0...

CVE-2025-30885 WordPress Bit Form plugin <= 2.18.0 - Open Redirection vulnerability

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Bit Apps Bit Form bit-form allows Phishing.This issue affects Bit Form: from n/a through = 2.18.0...

CVE-2024-11273

The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed fo...

WordPress plugin Bit Form – Contact Form Plugin 输入验证错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation error...

WordPress plugin Contact Form & SMTP Plugin for WordPress by PirateForms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...

CVE-2024-8420

The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on site...

CVE-2024-8420

The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on site...

CVE-2024-8420 DHVC Form <= 2.4.7 - Unauthenticated Privilege Escalation

The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on site...

CVE-2024-8420

CVE-2024-8420: DHVC Form for WordPress (

CVE-2024-8420 DHVC Form <= 2.4.7 - Unauthenticated Privilege Escalation

The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on site...

CVE-2025-26962 WordPress Contact Form Plugin plugin <= 1.1.25 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhozyLab Easy Contact Form Lite contact-form-lite allows Stored XSS.This issue affects Easy Contact Form Lite : from n/a through = 1.1.25...

CVE-2025-26962 WordPress Contact Form Plugin plugin <= 1.1.25 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhozyLab Easy Contact Form Lite contact-form-lite allows Stored XSS.This issue affects Easy Contact Form Lite : from n/a through = 1.1.25...

WordPress Easy Form by AYS Plugin <= 2.6.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Easy Form versions = 2.6.9...

CVE-2024-7777

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in multiple functions in versions 2.0 to 2.13.9. This makes i...

CVE-2024-7782

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove function in versions 2.0 to 2.13.4. This makes it...

CVE-2024-47335

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Bit Apps Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through = 2.13.11...

CVE-2024-47319

Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form bit-form.This issue affects Bit Form: from n/a through = 2.13.10...

CVE-2024-10646

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form's subject parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping. This...