Stored XSS Vulnerability in Bit Form Contact Form Plugin
CVE-2024-47301

7.1HIGH

Key Information:

Vendor: WordPress
Status: Bit Form – Contact Form Plugin
Vendor: CVE Published:; 6 October 2024

Summary

A security vulnerability exists in the Bit Form – Contact Form Plugin due to improper neutralization of user input during web page generation, leading to a Cross-site Scripting (XSS) risk. This vulnerability allows an attacker to inject malicious scripts into the web application, which can then be executed in the context of another user's session. It impacts all versions of the Bit Form – Contact Form Plugin up to and including version 2.13.10. Attackers exploiting this vulnerability could potentially gain unauthorized access to sensitive information or carry out other malicious actions by manipulating user interactions.

Affected Version(s)

Bit Form – Contact Form Plugin <= 2.13.10

References

https://patchstack.com/database/vulnerability/bit-form/wo...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 6, 2024
Vulnerability Reserved
Sep 24, 2024

Credit

Manab Jyoti Dowarah (Patchstack Alliance)