Bit Form
1-16 CVEs
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-14901 | | Med | 0.42 | 6.5 | 0.00 | | Jan 7, 2026 | The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the… |
| CVE-2013-7481 | | Med | 0.40 | 6.1 | 0.01 | | Aug 22, 2019 | The contact-form-plugin plugin before 3.3.5 for WordPress has XSS. |
| CVE-2017-18491 | | Med | 0.40 | 6.1 | 0.01 | | Aug 13, 2019 | The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues. |
| CVE-2016-10869 | | Med | 0.40 | 6.1 | 0.01 | | Aug 13, 2019 | The contact-form-plugin plugin before 4.0.2 for WordPress has XSS. |
| CVE-2015-9295 | | Med | 0.40 | 6.1 | 0.01 | | Aug 13, 2019 | The contact-form-plugin plugin before 3.96 for WordPress has XSS. |
| CVE-2013-7475 | | Med | 0.40 | 6.1 | 0.01 | | Aug 13, 2019 | The contact-form-plugin plugin before 3.52 for WordPress has XSS. |
| CVE-2024-2198 | | Med | 0.33 | 6.1 | 0.00 | | Apr 9, 2024 | The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_address’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible… |
| CVE-2024-9507 | | Med | 0.25 | 4.9 | 0.01 | | Oct 11, 2024 | The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.15.2 due to improper input validation within the… |
| CVE-2014-125095 | | Low | 0.16 | 3.5 | 0.01 | | Apr 9, 2023 | A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 on WordPress and classified as problematic. Affected by this issue is the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site… |
| CVE-2024-13451 | | | 0.00 | — | 0.00 | | Jul 2, 2025 | The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.17.4 via file uploads due to insufficient… |
| CVE-2025-5730 | | | 0.00 | — | 0.00 | | Jun 30, 2025 | The Contact Form Plugin WordPress plugin before 1.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks. |
| CVE-2024-13450 | | | 0.00 | — | 0.00 | | Jan 25, 2025 | The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.17.4 via the Webhooks integration. This makes it… |
| CVE-2024-7780 | | | 0.00 | — | 0.01 | | Aug 20, 2024 | The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the id parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the… |
| CVE-2024-7777 | | | 0.00 | — | 0.01 | | Aug 20, 2024 | The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in multiple functions in versions 2.0 to… |
| CVE-2024-7775 | | | 0.00 | — | 0.00 | | Aug 20, 2024 | The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to… |
| CVE-2024-7702 | | | 0.00 | — | 0.00 | | Aug 20, 2024 | The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the entryID parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the… |