Lucene search
K

74 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-14372

The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for...

7.1CVSS0.00691EPSS
Exploits0References13
CVE
CVE
added 6 days ago11 views

CVE-2026-14372

The Bit Form WordPress plugin (Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder) is affected up to version 3.1.1 due to insufficient file path validation in deleteFiles, enabling authenticated users with subscriber+ to delete arbitrary server files (poten...

7.1CVSS6.7AI score0.00691EPSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-14372

The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for...

7.1CVSS6.7AI score0.00691EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/02/19 8:27 a.m.33 views

CVE-2026-25418 WordPress Bit Form plugin <= 2.21.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Bit Apps Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through = 2.21.10...

7.6CVSS0.00276EPSS
Exploits0References1
CVE
CVE
added 2026/02/19 8:27 a.m.14 views

CVE-2026-25418

The CVE-2026-25418 entry describes an SQL Injection vulnerability in WordPress Bit Form bit-form (affected: Bit Form

7.6CVSS5.9AI score0.00276EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/19 8:27 a.m.4 views

CVE-2026-25418 WordPress Bit Form plugin <= 2.21.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bitpressadmin Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through = 2.21.10...

5.8AI score0.00276EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.5 views

CVE-2025-14901

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

6.5CVSS5.8AI score0.0035EPSS
Exploits0References1
NVD
NVD
added 2026/01/07 12:16 p.m.5 views

CVE-2025-14901

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

6.5CVSS0.0035EPSS
Exploits0References4
CVE
CVE
added 2026/01/07 6:35 a.m.16 views

CVE-2025-14901

CVE-2025-14901 presented by Wordfence: The Bit Form – Contact Form Plugin for WordPress (all versions up to 2.21.6) has a logic flaw in the triggerWorkFlow AJAX action where nonce verification only blocks requests if both the nonce check fails and the user is logged in. This enables unauthenticat...

6.5CVSS5.5AI score0.0035EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/07 6:35 a.m.5 views

CVE-2025-14901 Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

6.5CVSS5.5AI score0.0035EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/07 6:35 a.m.29 views

CVE-2025-14901 Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

6.5CVSS0.0035EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.4 views

WordPress plugin Bit Form – Contact Form Plugin 安全漏洞

...

6.5CVSS6.7AI score0.0035EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-48638

Malicious code in bioql PyPI...

5.5CVSS6.5AI score0.00243EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-50663

Malicious code in bioql PyPI...

4.3CVSS8.7AI score0.00434EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-48639

Malicious code in bioql PyPI...

9CVSS6.5AI score0.01025EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-8316

Malicious code in bioql PyPI...

4.7CVSS9AI score0.00394EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-48641

Malicious code in bioql PyPI...

7.2CVSS6.6AI score0.00506EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-17378

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00481EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2024-48643

Malicious code in bioql PyPI...

8.7CVSS6.5AI score0.00915EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-47270

Malicious code in bioql PyPI...

7.2CVSS6.5AI score0.00957EPSS
Exploits0References3
Rows per page
Query Builder