429 matches found

RedhatCVE
added 2025/02/05 2:53 a.m. · 11 views

CVE-2024-6123

The Bit Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'iconUpload' function in all versions up to, and including, 2.13.3. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload...

CVSS 7.2 · AI score 7.7 · EPSS 0.00957
Exploits 0 · References 1

CNNVD
added 2025/01/31 12:0 a.m. · 1 views

WordPress plugin Post Form cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.4 · AI score 8.2 · EPSS 0.00224
Exploits 0 · References 2

Patchstack
added 2025/01/30 7:36 a.m. · 2 views

WordPress Contact Form & SMTP Plugin for WordPress by PirateForms plugin <= 2.6.0 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin Contact Form & SMTP Plugin versions <= 2.6.0...

CVSS 7.3 · AI score 7.1 · EPSS 0.00503
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2025/01/30 12:0 a.m. · 2 views

PT-2025-2179 · Pirateforms · Contact Form & Smtp Plugin

Name of the Vulnerable Software and Affected Versions: The Contact Form & SMTP Plugin for WordPress by PirateForms versions up to, and including, 2.6.0
Description: The issue arises from the software allowing users to execute an action that does not properly validate a value before running do...

CVSS 7.3 · AI score 9.7 · EPSS 0.00503
Exploits 0 · References 8

CNNVD
added 2025/01/30 12:0 a.m. · 3 views

WordPress plugin The Contact Form & SMTP Plugin for WordPress by PirateForms code injection vulnerability

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin The Contact Form & SMTP Plugin fo...

CVSS 7.3 · AI score 9.3 · EPSS 0.00503
Exploits 0 · References 3

OSV
added 2025/01/29 6:15 a.m. · 1 views

CVE-2024-12749

The Competition Form WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 7.1 · AI score 7.3 · EPSS 0.0056
Exploits 1 · References 1

Patchstack
added 2025/01/27 10:36 p.m. · 4 views

WordPress Bit Form – Contact Form plugin <= 2.17.4 - Authenticated (Administrator+) Server-Side Request Forgery vulnerability

Authenticated Administrator+ Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin Bit Form versions <= 2.17.4...

CVSS 6.5 · AI score 7.1 · EPSS 0.00373
Exploits 0 · References 1 · Affected Software 1

CVE
added 2025/01/25 8:23 a.m. · 52 views

CVE-2024-13450

CVE-2024-13450 refers to the WordPress plugin “Contact Form by Bit Form” (versions ≤ 2.17.4). The issue is an authenticated SSRF via the Webhooks integration, allowing an attacker with Administrator-level access (and in multisite) to trigger web requests from the application to arbitrary internal...

CVSS 6.5 · AI score 4.1 · EPSS 0.00373
Exploits 0 · References 7 · Affected Software 1

Cvelist
added 2024/12/25 3:21 a.m. · 16 views

CVE-2024-12190 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.17.3 - Missing Authorization to Authenticated (Subscriber+) Form Submission Disclosure

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bitform-form-entry-edit endpoint in all versions up to, and...

CVSS 4.3 · EPSS 0.00427
Exploits 0 · References 3

Vulnrichment
added 2024/12/25 3:21 a.m. · 5 views

CVE-2024-12190 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.17.3 - Missing Authorization to Authenticated (Subscriber+) Form Submission Disclosure

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bitform-form-entry-edit endpoint in all versions up to, and...

CVSS 4.3 · AI score 6.7 · EPSS 0.00427
Exploits 0 · References 3

OSV
added 2024/12/14 6:15 a.m. · 0 views

CVE-2024-10646

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form's subject parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping. This...

CVSS 6.1 · AI score 6
Exploits 0 · References 3

OSV
added 2024/12/12 7:15 a.m. · 2 views

CVE-2024-12201

The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check when creating form styles in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Contributor-level access and above, ...

CVSS 4.3 · AI score 7.3
Exploits 0 · References 2

Cvelist
added 2024/12/12 6:46 a.m. · 20 views

CVE-2024-12201 Hash Form <= 1.2.1 - Missing Authorization to Authenticated (Contributor+) Form Style Creation

The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check when creating form styles in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Contributor-level access and above, ...

CVSS 4.3 · EPSS 0.00362
Exploits 0 · References 2

CVE
added 2024/12/12 6:46 a.m. · 64 views

CVE-2024-12201

CVE-2024-12201 relates to the WordPress plugin Hash Form – Drag & Drop Form Builder. It is described as vulnerable in all versions up to 1.2.1 due to a missing capability check during creation of form styles, enabling authenticated attackers with Contributor-level access and above to create new ...

CVSS 4.3 · AI score 4.3 · EPSS 0.00362
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2024/12/12 12:0 a.m. · 2 views

WordPress plugin Hash Form security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 · AI score 8.5 · EPSS 0.00362
Exploits 0 · References 2

CVE
added 2024/11/23 5:40 a.m. · 63 views

CVE-2024-11188

Formidable Forms – Contact Form Plugin for WordPress (CVE-2024-11188) is affected by a POST-based Reflected Cross-Site Scripting vulnerability via Custom HTML Form parameters in all versions up to 6.16.1.2, caused by insufficient input sanitization and output escaping. Attackers can exploit this ...

CVSS 6.1 · AI score 6 · EPSS 0.00384
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2024/10/11 12:0 a.m. · 4 views

WordPress plugin Bit Form input validation error vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An input validation error...

CVSS 4.9 · AI score 6.7 · EPSS 0.00519
Exploits 0 · References 5

Patchstack
added 2024/10/10 8:26 p.m. · 4 views

WordPress Bit Form plugin <= 2.15.2 - Authenticated (Administrator+) Improper Input Validation to Arbitrary File Read vulnerability

Authenticated Administrator+ Improper Input Validation to Arbitrary File Read vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin Bit Form versions <= 2.15.2...

CVSS 4.9 · AI score 7 · EPSS 0.00519
Exploits 0 · References 1 · Affected Software 1

NVD
added 2024/10/07 6:15 a.m. · 10 views

CVE-2024-47335

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Bit Apps Bit Form bit-form allows SQL Injection. This issue affects Bit Form: from n/a through = 2.13.11...

CVSS 7.6 · EPSS 0.0041
Exploits 0 · References 1

CVE
added 2024/10/07 5:31 a.m. · 63 views

CVE-2024-47335

CVE-2024-47335 is a SQL Injection vulnerability in the WordPress plugin Bit Form – Contact Form Plugin (versions

CVSS 7.6 · AI score 5.9 · EPSS 0.0041
Exploits 0 · References 1