3 matches found
CVE-2025-2580
The Contact Form by Bit Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.18.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access...
CVE-2025-2580
creationtimestamp| type| source ---|---|--- 2025-04-25 05:42:33+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnmiywtc5wb2 2025-04-25 06:10:53+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/13383 2025-04-25 09:09:11+00:00| seen|...
WordPress Contact Form by Bit Form plugin <= 2.18.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Avraham Shemesh in WordPress Plugin Bit Form versions = 2.18.3...