5 matches found
CVE-2025-14901
The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...
CVE-2025-14901
The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...
WordPress Bit Form - Contact Form Plugin plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay vulnerability
WordPress Bit Form - Contact Form Plugin plugin = 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay vulnerability discovered by andrea bocchetti in WordPress Plugin Bit Form versions = 2.21.6...
CVE-2025-14901 Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay
The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...
CVE-2025-14901
CVE-2025-14901 presented by Wordfence: The Bit Form – Contact Form Plugin for WordPress (all versions up to 2.21.6) has a logic flaw in the triggerWorkFlow AJAX action where nonce verification only blocks requests if both the nonce check fails and the user is logged in. This enables unauthenticat...