CVE-2024-7782

Published Aug 20, 2024

Last updated 3 months ago

Overview

Description
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove function in versions 2.0 to 2.13.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Source
security@wordfence.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
6.5
Impact score
5.2
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Severity
MEDIUM

Weaknesses

nvd@nist.gov
CWE-22
security@wordfence.com
CWE-22

Social media

Hype score
Not currently trending

Configurations