5.3
CVE-2024-1640
- EPSS 0.28%
- Veröffentlicht 13.03.2024 16:15:24
- Zuletzt bearbeitet 03.04.2025 13:12:35
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginContact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form <= 2.10.1 - Unauthenticated Insecure Direct Object Reference to Form Submission Alteration
The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient user validation on the bitforms_update_form_entry AJAX action in all versions up to, and including, 2.10.1. This makes it possible for unauthenticated attackers to modify form submissions.
Mögliche Gegenmaßnahme
Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder: Update to version 2.10.2, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder
Version
*-2.10.1
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bitapps ≫ Contact Form Builder SwPlatformwordpress Version < 2.10.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.508 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|