CVE-2025-30885 MEDIUM

CVE-2025-30885: WordPress Bit Form plugin <= 2.18.0 - Open Redirection vulnerability

Vendor Bit Apps
Product Bit Form
Weakness CWE-601 · Open redirect
Published March 27, 2025
Last update April 28, 2026

CVSS base score

4.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

What the vulnerability does

Description

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bit Apps Bit Form bit-form allows Phishing. This issue affects Bit Form: from n/a through <= 2.18.0.

Explanation of Vulnerability in Simple Terms

Summary

Bit Form versions up to 2.18.0 contain an open redirect vulnerability. When a user clicks a malicious link, the form can redirect them to an attacker-controlled website. The attacker has no direct control over the site but can trick users into visiting external URLs through crafted form redirects. This could be used for phishing or credential theft.

What an attacker can do

Attacker Capabilities

Redirect users to a malicious website when they interact with a crafted form link.

Potential impact on your site

Site Impact

Users visiting your site via malicious links could be redirected to phishing pages or malware sites, damaging trust.

Conditions required to exploit

Prerequisites

User must click a malicious link containing a crafted redirect parameter.
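As an added example (not code from the Bit Form plugin or from this advisory), the kind of redirect-target check whose absence produces CWE-601: it accepts only site-relative paths and absolute URLs on an allowlisted host, and refuses the malformed shapes a validator must cover. ALLOWED_HOSTS, FALLBACK and the `redirect_to` parameter name are assumptions; in WordPress the core helper that performs this check is wp_safe_redirect().

```python
# Added example, not the plugin's code: allowlist validation of a form's
# post-submit redirect target, the defence against an open redirect.
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"example.com", "www.example.com"}  # constructed: the site's own hosts
FALLBACK = "/"                                      # constructed: safe default target


def validate_redirect(location: str, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK) -> str:
    """Return `location` if it is site-relative or on an allowed host, else `fallback`."""
    loc = location.strip(" \t\r\n\x00\x08\x0b")
    # Browsers accept backslashes where slashes belong, so '\\evil.test' must be
    # judged exactly like '//evil.test'.
    loc = loc.replace("\\", "/")
    # A protocol-relative '//host/...' inherits the page's scheme; give it one so
    # the host is parsed and checked instead of slipping through as a 'path'.
    if loc.startswith("//"):
        loc = "https:" + loc
    try:
        parts = urlsplit(loc)
    except ValueError:          # e.g. an unterminated IPv6 literal
        return fallback
    scheme = parts.scheme.lower()
    if scheme and scheme not in ("http", "https"):
        return fallback         # javascript:, data:, ftp:, ...
    if parts.hostname is None:
        # 'https:evil.test' or 'https://@' carry a scheme or authority but no
        # host: refuse anything absolute-looking that lacks one.
        if scheme or parts.netloc:
            return fallback
        return loc              # plain site-relative path such as '/thank-you/'
    if parts.hostname.lower() not in {h.lower() for h in allowed_hosts}:
        return fallback         # off-site host, including 'example.com.evil.test'
    return loc


def redirect_after_submit(params: dict) -> str:
    """Resolve the redirect for a submitted form. `redirect_to` is an assumed
    parameter name; the plugin's real parameter is not given on the page."""
    return validate_redirect(params.get("redirect_to", FALLBACK))
```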

Key dates

Disclosure timeline

March 27, 2025 CVE published
April 28, 2026 Record updated