Unauthorized Data Modification in Bit Form Plugin for WordPress
CVE-2024-1640
5.3 MEDIUM
Key Information:
- Vendor: WordPress
- CVE Published: 13 March 2024
What is CVE-2024-1640?
The Contact Form Builder Plugin by Bit Form for WordPress allows unauthenticated users to modify form submissions, because the bitforms_update_form_entry AJAX action performs insufficient user validation. The vulnerability affects all versions of the plugin up to and including 2.10.1 and poses a significant risk to websites that use the plugin.
Affected Version(s)
Contact Form Builder by Bit Form: Create Contact Form, Multi Step Form, Conversational Form * <= 2.10.1