jdeeQ: [Wordfence Alert] Problems found on [website]
Tonight I received an email with the subject line the same as this quesion title ([website] was my URL).
Sure enough, BitForm wordpress plugin page has a warning:
This plugin has been closed as of February 7, 2026 and is not available for download. This closure is temporary, pending a full review.
I haven't received any notice(s) from BitForm to advise what's going on. I went searching, and apparently similar happened in August 2024.
Can someone please explaing what's going on with BitForm?
Hi, WordPress sent us some requirements to meet their guidelines; that’s why the free version is not temporarily available in the WordPress repository.
We have already provided the requested items. We hope the free version will be live again on the WordPress repository soon.
If it takes long time, we will inform our users.
Currently, you can download the free version from our website.
IMPORTANT Note: these guidelines are not related to any bug or security issues.
They are related to how our support team handled some tickets in the WordPress repository, for which they need clarification.
Verified purchaser
While I trusted the "IMPORTANT Note", I want to alert users that today I received an email from Patchstack ("a specialized security plugin and platform") that clearly stated:
Bit Form
Plugin
Low priority SQL Injection vulnerability found in version(s) <= 2.21.10
2.21.10 is the version that's been taken down in WordPress, still down
Certainly buyer beware for this product.
Hi Jdee, We have submitted the patched version on February 14 for this vulnerability.
Patchstack follows a standard disclosure policy where they allow a one-week review window after a vulnerability is reported. If the patched version is not reviewed and approved within that timeframe, the vulnerability may still be published in their database as part of their disclosure process.
At this moment, our patched version has not yet been approved. If there is further delay in their approval process, we will proceed by releasing the patched version directly through our own system and WordPress SVN to ensure all users have immediate access to the update.
Our patch has been approved by Patchstack and the vulnerability has been resolved.