VYPR

Bit Form – Contact Form Plugin

by WordPress

CVEs (1)

  • CVE-2025-14901MedJan 7, 2026
    risk 0.42cvss 6.5epss 0.00

    The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the…