429 matches found
CVE-2026-25418
The CVE-2026-25418 entry describes an SQL Injection vulnerability in WordPress Bit Form bit-form (affected: Bit Form
CVE-2026-25418 WordPress Bit Form plugin <= 2.21.10 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Apps Bit Form bit-form allows SQL Injection. This issue affects Bit Form: from n/a through <= 2.21.10...
CVE-2026-25418 WordPress Bit Form plugin <= 2.21.10 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bitpressadmin Bit Form bit-form allows SQL Injection. This issue affects Bit Form: from n/a through <= 2.21.10...
WordPress plugin WPForms cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A cross-site...
CVE-2025-14984
The Gutenverse Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.3.2. This is due to the plugin's framework component adding SVG to the allowed MIME types via the upload_mimes filter without implementing any...
CVE-2016-10869
The contact-form-plugin plugin before 4.0.2 for WordPress has XSS...
CVE-2017-18613
The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter...
CVE-2017-18491
The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues...
CVE-2025-14901
The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...
PT-2026-1763
Name of the Vulnerable Software and Affected Versions Gutenverse Form plugin for WordPress versions prior to 2.3.3 Description The Gutenverse Form plugin for WordPress is susceptible to Stored Cross-Site Scripting through SVG file uploads. The plugin’s framework component allows SVG files through...
WordPress Gutenverse Form plugin <= 2.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by andrea bocchetti in WordPress Plugin Gutenverse Form versions <= 2.3.2...
CVE-2013-7481
The contact-form-plugin plugin before 3.3.5 for WordPress has XSS...
CVE-2025-14901 Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay
The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...
CVE-2025-14901
CVE-2025-14901 presented by Wordfence: The Bit Form – Contact Form Plugin for WordPress (all versions up to 2.21.6) has a logic flaw in the triggerWorkFlow AJAX action where nonce verification only blocks requests if both the nonce check fails and the user is logged in. This enables unauthenticat...
WordPress plugin Bit Form – Contact Form Plugin security vulnerability
...
PT-2026-1572
Name of the Vulnerable Software and Affected Versions Bit Form – Contact Form Plugin versions prior to 2.21.7 Description The Bit Form – Contact Form Plugin for WordPress has a flaw allowing unauthorized workflow execution. The triggerWorkFlow function lacks proper authorization, specifically in...
CVE-2025-66117 WordPress Easy Form plugin <= 2.7.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Form: from n/a through <= 2.7.8...