CVE-2025-2580 – Bit Form WordPress Contact Form Stored Cross-Site Scripting Vulnerability

April 25, 2025

CVE ID : CVE-2025-2580

Published : April 25, 2025, 6:15 a.m. | 1 hour, 15 minutes ago

Description : The Contact Form by Bit Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.18.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

Severity: 4.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3511 – Mitsubishi Electric Corporation CC-Link IE TSN Denial of Service Remote Buffer Overflow

Next Article CVE-2025-3861 – WordPress Prevent Direct Access Unauthorized Access Vulnerability

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

With WH40K Boltgun and Dungeons of Hinterberg, this month’s Humble Choice lineup is stacked for less than $12

I’ve been loving the upgrade to my favorite mobile controller, and there’s even a version for large tablets

Copilot Vision just launched — and Microsoft already added new features

Master Data Management: The Key to Improved Analytics Reporting

Master Data Management: The Key to Improved Analytics Reporting

Salesforce Lead-to-Revenue Management

React Native 0.80 – React 19.1, JS API Changes, Freezing Legacy Arch and much more

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

With WH40K Boltgun and Dungeons of Hinterberg, this month’s Humble Choice lineup is stacked for less than $12

I’ve been loving the upgrade to my favorite mobile controller, and there’s even a version for large tablets

CVE-2025-2580 – Bit Form WordPress Contact Form Stored Cross-Site Scripting Vulnerability

Apache Tomcat Under Attack: Massive Brute-Force Campaign Targets Manager Interfaces

Warning: Discontinued Amazon Cloud Cam Has Vulnerability (CVE-2025-6031), Exposing Your Network

Language Models Know More Than They Show: Exploring Hallucinations From the Model’s Viewpoint

CVE-2025-48745 – Apache HTTP Server Remote Code Execution Vulnerability

phởdav is a minimal WebDAV server

The emperors of AI coding tools have no clothes – and it’s creating a productivity delusion

CVE-2025-46532 – Haris Zulfiqar Tooltip Cross-site Scripting (XSS)

Anaconda launches unified AI platform, Parasoft adds agentic AI capabilities to testing tools, and more – SD Times Daily Digest

New generative AI tools open the doors of music creation

HCL Commerce V9.1 – Coexistence of the Headless Next.js Ruby & Aurora Storefronts

CVE-2025-2580 – Bit Form WordPress Contact Form Stored Cross-Site Scripting Vulnerability

Related Posts