cleantalk
Vulnerabilities and Security Researches

Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form, CVE-2026-25418

CVE, Research URL

CVE-2026-25418

Home page URL

Security reports for Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form

Application

Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form

Published on
Feb 19, 2026
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bitpressadmin Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through <= 2.21.10.
Affected versions
max 2.21.10.
Status
vulnerable
Previous vulnerability researches
WC Fields Factory (CVE-2023-0277) , Jun 07, 2024
WC Fields Factory (6cc027737736ffa5a4ad7d18f7aacab3368b4dae) , Jun 07, 2024
New vulnerability
Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form (CVE-2026-25418) , Feb 28, 2026
Image Photo Gallery Final Tiles Grid (CVE-2026-25375) , Feb 28, 2026
Share This Image (CVE-2026-25010) , Feb 28, 2026
Bold Page Builder (CVE-2026-25451) , Feb 28, 2026
Bold Page Builder (CVE-2025-13463) , Feb 28, 2026