CVE-2024-1640 – Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form <= 2.10.1 - Unauthenticated Insecure Direct Object Reference to Form Submission Alteration
https://notcve.org/view.php?id=CVE-2024-1640
The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient user validation on the bitforms_update_form_entry AJAX action in all versions up to, and including, 2.10.1. This makes it possible for unauthenticated attackers to modify form submissions. El complemento Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una validación insuficiente del usuario en la acción AJAX bitforms_update_form_entry en todas las versiones hasta e incluyendo, 2.10.1. Esto hace posible que atacantes no autenticados modifiquen los envíos de formularios. • https://plugins.trac.wordpress.org/changeset/3048523/bit-form/trunk/includes/Frontend/Ajax/FrontendAjax.php https://www.wordfence.com/threat-intel/vulnerabilities/id/49ed7d6a-4a65-4efc-90e5-ffa5470d4011?source=cve • CWE-639: Authorization Bypass Through User-Controlled Key •