
bitpressadmin — Vulnerabilities & Security Advisories 21

Browse all 21 CVE security advisories affecting bitpressadmin. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Bitpressadmin is a WordPress plugin primarily utilized for managing and displaying press releases, serving as a central tool for public relations automation and media distribution. Historically, its codebase has been associated with twenty-one Common Vulnerabilities and Exposures (CVEs), predominantly stemming from insufficient input validation and improper sanitization of user-supplied data. The most frequent vulnerability classes include Remote Code Execution (RCE) and Cross-Site Scripting (XSS), often facilitated by insecure file upload mechanisms and weak authentication checks. Privilege escalation issues have also been documented, allowing unauthorized users to gain administrative access. These flaws typically arise from legacy code structures that lack modern security hardening practices. While no single catastrophic incident has defined its history, the cumulative effect of these CVEs highlights significant risks for organizations relying on the plugin without rigorous patch management.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-14901 | Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | CWE-862 | 6.5 | Medium | 2026-01-07 |
| CVE-2025-6679 | Contact Form by Bit Form - Bit Form <= 2.20.3 - Unauthenticated Arbitrary File Upload | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | CWE-434 | 9.8 | Critical | 2025-08-15 |
| CVE-2024-13451 | Contact Form by Bit Form <= 2.17.5 - Unauthenticated Sensitive Information Exposure | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | CWE-200 | 5.3 | Medium | 2025-07-02 |
| CVE-2025-1725 | Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Uploads | File Manager | CWE-434 | 6.4 | Medium | 2025-06-03 |
| CVE-2025-2580 | Contact Form by Bit Form <= 2.18.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | CWE-79 | 4.9 | Medium | 2025-04-25 |
| CVE-2025-0822 | Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Subscriber+) Arbitrary File Read via fileID Parameter | Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist | CWE-23 | 6.5 | Medium | 2025-02-15 |
| CVE-2024-13791 | Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Administrator+) Arbitrary File Read via downloadResponseFile Function | Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist | CWE-23 | 4.9 | Medium | 2025-02-14 |
| CVE-2025-0821 | Bit Assist <= 1.5.2 - Authenticated (Subscriber+) SQL Injection via id Parameter | Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist | CWE-89 | 6.5 | Medium | 2025-02-14 |
| CVE-2024-13450 | Contact Form by Bit Form <= 2.17.4 - Authenticated (Administrator+) Server-Side Request Forgery | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | CWE-918 | 3.8 | Low | 2025-01-25 |
| CVE-2024-12190 | Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.17.3 - Missing Authorization to Authenticated (Subscriber+) Form Submission Disclosure | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | CWE-862 | 4.3 | Medium | 2024-12-25 |
| CVE-2024-9507 | Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.15.2 - Authenticated (Administrator+) Improper Input Validation via iconUpload Function to Arbitrary File Read | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | CWE-20 | 4.9 | Medium | 2024-10-11 |
| CVE-2024-8743 | Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.7 - Authenticated (Subscriber+) Limited JavaScript File Upload | File Manager | CWE-434 | 6.8 | Medium | 2024-10-05 |
| CVE-2024-7770 | Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.5 - Authenticated (Subscriber+) Arbitrary File Upload | File Manager | CWE-434 | 8.8 | High | 2024-09-10 |
| CVE-2024-7627 | Bit File Manager 6.0 - 6.5.5 - Unauthenticated Remote Code Execution via Race Condition | Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress | CWE-94 | 8.1 | High | 2024-09-05 |
| CVE-2024-7782 | Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.4 - Authenticated (Administrator+) Arbitrary File Deletion | Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder | CWE-22 | 8.7 | High | 2024-08-20 |
| CVE-2024-7780 | Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) SQL Injection | Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder | CWE-89 | 7.2 | High | 2024-08-20 |
| CVE-2024-7777 | Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) Arbitrary File Read And Deletion | Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder | CWE-22 | 9.0 | Critical | 2024-08-20 |
| CVE-2024-7775 | Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) Arbitrary JavaScript File Uploads | Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder | CWE-79 | 5.5 | Medium | 2024-08-20 |
| CVE-2024-7702 | Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) SQL Injection via getLogHistory Function | Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder | CWE-89 | 7.2 | High | 2024-08-20 |
| CVE-2024-6123 | Bit Form <= 2.13.3 - Authenticated (Administrator+) Arbitrary File Upload | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | CWE-434 | 7.2 | High | 2024-07-09 |
| CVE-2024-1640 | Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form <= 2.10.1 - Unauthenticated Insecure Direct Object Reference to Form Submission Alteration | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | CWE-639 | 5.3 | Medium | 2024-03-13 |

This page lists every published CVE security advisory associated with bitpressadmin. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.