{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-26T14:22:07.952","vulnerabilities":[{"cve":{"id":"CVE-2024-7775","sourceIdentifier":"security@wordfence.com","published":"2024-08-20T04:15:10.033","lastModified":"2026-06-17T08:20:53.860","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary JavaScript files to the affected site's server."},{"lang":"es","value":"El complemento Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder para WordPress es vulnerable a cargas arbitrarias de archivos JavaScript debido a la falta de validación de entrada en la función addCustomCode en las versiones 2.0 a 2.13.9. Esto hace posible que atacantes autenticados, con acceso de nivel de administrador y superior, carguen archivos JavaScript arbitrarios en el servidor del sitio afectado."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"bitpressadmin","product":"Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder","defaultStatus":"unaffected","versions":[{"version":"2.0","lessThanOrEqual":"2.13.9","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-08-20T13:47:38.549200Z","id":"CVE-2024-7775","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bitapps:contact_form_builder:*:*:*:*:*:wordpress:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.13.10","matchCriteriaId":"CE5FAC6F-CAFC-45B1-88E0-5ACC3E56CBAB"}]}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/bit-form/tags/2.13.6/includes/Admin/AdminAjax.php#L1314","source":"security@wordfence.com","tags":["Patch"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3936d7dc-840e-41fc-8af4-db40c0cff660?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]}]}}]}