Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder — Vulnerabilities & Security Advisories 9

All 9 CVE vulnerabilities found in Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder, with AI-generated Chinese analysis, references, and POCs.

Vendor: bitpressadmin

CVE IDTitleCVSSSeverityPublished
CVE-2025-14901 Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay CWE-862 6.5 Medium2026-01-07
CVE-2025-6679 Contact Form by Bit Form - Bit Form <= 2.20.3 - Unauthenticated Arbitrary File Upload CWE-434 9.8 Critical2025-08-15
CVE-2024-13451 Contact Form by Bit Form <= 2.17.5 - Unauthenticated Sensitive Information Exposure CWE-200 5.3 Medium2025-07-02
CVE-2025-2580 Contact Form by Bit Form <= 2.18.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload CWE-79 4.9 Medium2025-04-25
CVE-2024-13450 Contact Form by Bit Form <= 2.17.4 - Authenticated (Administrator+) Server-Side Request Forgery CWE-918 3.8 Low2025-01-25
CVE-2024-12190 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.17.3 - Missing Authorization to Authenticated (Subscriber+) Form Submission Disclosure CWE-862 4.3 Medium2024-12-25
CVE-2024-9507 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.15.2 - Authenticated (Administrator+) Improper Input Validation via iconUpload Function to Arbitrary File Read CWE-20 4.9 Medium2024-10-11
CVE-2024-6123 Bit Form <= 2.13.3 - Authenticated (Administrator+) Arbitrary File Upload CWE-434 7.2 High2024-07-09
CVE-2024-1640 Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form <= 2.10.1 - Unauthenticated Insecure Direct Object Reference to Form Submission Alteration CWE-639 5.3 Medium2024-03-13

All 9 known CVE vulnerabilities affecting Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder with full Chinese analysis, references, and POCs where available.