What is the severity of CVE-2024-7775?

CVE-2024-7775 has a high severity rating due to its potential for arbitrary JavaScript file uploads.

How do I fix CVE-2024-7775?

To fix CVE-2024-7775, update the Contact Form Builder plugin to version 2.13.10 or later.

What versions of the Contact Form Builder are affected by CVE-2024-7775?

CVE-2024-7775 affects versions 2.0 to 2.13.9 of the Contact Form Builder plugin.

What kind of vulnerability is CVE-2024-7775?

CVE-2024-7775 is a vulnerability that allows for arbitrary JavaScript file uploads due to insufficient input validation.

Is user data at risk due to CVE-2024-7775?

Yes, CVE-2024-7775 poses a risk to user data as it can enable unauthorized script execution.

Vulnerability/
CVE-2024-7775

medium

5.5

CWE

79 20

EPSS

0.045%

20/8/2024

26/8/2024

CVE-2024-7775: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) Arbitrary JavaScript File Uploads

First published: Tue Aug 20 2024(Updated: )

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary JavaScript files to the affected site's server.

Credit: security@wordfence.com

Affected Software	Affected Version	How to fix
Contact Form Builder	>=2.0.0<2.13.10

Remedy

https://plugins.trac.wordpress.org/browser/bit-form/tags/2.13.6/includes/Admin/AdminAjax.php#L1314

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-7775?
CVE-2024-7775 has a high severity rating due to its potential for arbitrary JavaScript file uploads.
How do I fix CVE-2024-7775?
To fix CVE-2024-7775, update the Contact Form Builder plugin to version 2.13.10 or later.
What versions of the Contact Form Builder are affected by CVE-2024-7775?
CVE-2024-7775 affects versions 2.0 to 2.13.9 of the Contact Form Builder plugin.
What kind of vulnerability is CVE-2024-7775?
CVE-2024-7775 is a vulnerability that allows for arbitrary JavaScript file uploads due to insufficient input validation.
Is user data at risk due to CVE-2024-7775?
Yes, CVE-2024-7775 poses a risk to user data as it can enable unauthorized script execution.

agent/weakness
agent/references
agent/title
agent/description
agent/type
agent/first-publish-date
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/remedy
agent/softwarecombine
collector/epss-latest
source/FIRST
agent/epss
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/bitapps
canonical/contact form builder
version/contact form builder/2.0.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.