SQL Injection Vulnerability in Bit Form Plugin by Bitpressadmin
CVE-2026-25418

Currently unrated

Key Information:

Vendor

WordPress
Status
Bit Form
Vendor
CVE Published:
19 February 2026

What is CVE-2026-25418?

The Bit Form plugin by Bitpressadmin is exposed to an SQL Injection vulnerability that allows attackers to manipulate SQL queries. This flaw can be exploited to gain unauthorized access to the database, extract sensitive information, or perform other malicious operations. The issue has been identified in versions of Bit Form up to and including 2.21.10, increasing the risk for users who have not updated their plugin. It is crucial for site administrators to apply patches and ensure their WordPress installations are secure against such vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Bit Form <= n/a

References

https://patchstack.com/database/Wordpress/Plugin/bit-form...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Trương Hữu Phúc (truonghuuphuc) | Patchstack Bug Bounty Program
JSON
.