integrable SQL Injection Vulnerability Affects Contact Form Plugin
CVE-2024-7702

7.2HIGH

Key Information:

Vendor

Wordpress
Status
Contact Form By Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form Builder
Vendor
CVE Published:
20 August 2024

What is CVE-2024-7702?

The Contact Form plugin by Bit Form, encompassing multiple functionalities like Multi Step Form, Calculation Contact Form, Payment Contact Form, and Custom Contact Form builder, is susceptible to SQL injection attacks. This security flaw arises from inadequate escaping of the user-supplied entryID parameter, combined with insufficient preparation in the SQL query. Authenticated users with Administrator-level access or higher may exploit this vulnerability to append malicious SQL queries, potentially enabling them to access sensitive information from the database.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 <= 2.13.9

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/bit-form/trunk...

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

TANG Cheuk Hei
JSON
.