integrable SQL Injection Vulnerability Affects Contact Form Plugin
CVE-2024-7702
7.2HIGH
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 20 August 2024
What is CVE-2024-7702?
The Contact Form plugin by Bit Form, encompassing multiple functionalities like Multi Step Form, Calculation Contact Form, Payment Contact Form, and Custom Contact Form builder, is susceptible to SQL injection attacks. This security flaw arises from inadequate escaping of the user-supplied entryID parameter, combined with insufficient preparation in the SQL query. Authenticated users with Administrator-level access or higher may exploit this vulnerability to append malicious SQL queries, potentially enabling them to access sensitive information from the database.
Affected Version(s)
Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 <= 2.13.9