PT-2024-18188 · Bit Form · Contact Form Builder Plugin
Lucio Sá · Published 2024-03-13 · Updated 2024-03-13
CVE-2024-1640
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress versions up to, and including, 2.10.1
Description
The issue is related to insufficient user validation on the bitforms update form entry AJAX action, allowing unauthorized modification of data. This makes it possible for unauthenticated attackers to modify form submissions.
Recommendations
For versions up to, and including, 2.10.1, update to a version higher than 2.10.1 to resolve the issue.
As a temporary workaround, consider restricting access to the bitforms update form entry AJAX action until a patch is available.
Fix
IDOR
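The description above boils down to an admin-ajax handler that updates a form entry without checking who is asking or whether the caller may touch that particular entry. The following is an added illustration of what a correctly guarded handler of that kind looks like, together with the "restrict access until patched" workaround from the recommendations; it is not the Bit Form plugin's code. The action name `example_update_form_entry`, the entry store and the ownership rule are hypothetical placeholders.

```php
<?php
// Added example (not Bit Form code): an admin-ajax "update form entry"
// handler with the checks whose absence the advisory describes.
// Action name, entry store and ownership rule are hypothetical.

const EXAMPLE_ACTION = 'example_update_form_entry';

// Constructed in-memory entry store standing in for a plugin's DB table.
$GLOBALS['example_entries'] = array(
    7 => array( 'owner_id' => 3, 'value' => 'original' ),
);

function example_get_form_entry( $entry_id ) {
    return isset( $GLOBALS['example_entries'][ $entry_id ] )
        ? $GLOBALS['example_entries'][ $entry_id ] : null;
}

// Hypothetical ownership rule: the submitting user or a site admin may edit.
function example_user_may_edit_entry( $user_id, $entry ) {
    return (int) $entry['owner_id'] === (int) $user_id || current_user_can( 'manage_options' );
}

function example_save_form_entry( $entry_id, $value ) {
    $GLOBALS['example_entries'][ $entry_id ]['value'] = $value;
}

// Registered for authenticated callers only: no 'wp_ajax_nopriv_' hook,
// so anonymous requests to this action get WordPress's default "0" reply.
add_action( 'wp_ajax_' . EXAMPLE_ACTION, 'example_update_form_entry' );

function example_update_form_entry() {
    // 1. CSRF: the request must carry a nonce bound to this action.
    check_ajax_referer( EXAMPLE_ACTION, '_ajax_nonce' );

    // 2. Authentication, stated explicitly even though nopriv is not hooked.
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( array( 'message' => 'Authentication required.' ), 401 );
    }

    // 3. Input validation: the entry id must be a positive integer.
    $entry_id = isset( $_POST['entry_id'] ) ? absint( wp_unslash( $_POST['entry_id'] ) ) : 0;
    if ( 0 === $entry_id ) {
        wp_send_json_error( array( 'message' => 'Invalid entry id.' ), 400 );
    }

    // 4. Object-level authorization (the IDOR defence): the caller must be
    //    allowed to modify *this* entry, not merely be logged in.
    $entry = example_get_form_entry( $entry_id );
    if ( null === $entry || ! example_user_may_edit_entry( get_current_user_id(), $entry ) ) {
        // Same response for "missing" and "not yours" avoids confirming ids.
        wp_send_json_error( array( 'message' => 'Entry not found.' ), 404 );
    }

    $value = isset( $_POST['value'] ) ? sanitize_text_field( wp_unslash( $_POST['value'] ) ) : '';
    example_save_form_entry( $entry_id, $value );
    wp_send_json_success( array( 'entry_id' => $entry_id ) );
}

// Temporary workaround in the spirit of the advisory's recommendation:
// a small must-use plugin that refuses anonymous calls to a named action
// before the vulnerable handler runs. admin-ajax.php fires 'admin_init'
// ahead of dispatching the action, so this hook sees every such request.
add_action( 'admin_init', function () {
    if ( ! wp_doing_ajax() ) {
        return;
    }
    $action = isset( $_REQUEST['action'] ) ? sanitize_key( wp_unslash( $_REQUEST['action'] ) ) : '';
    if ( EXAMPLE_ACTION === $action && ! is_user_logged_in() ) {
        wp_send_json_error( array( 'message' => 'Action temporarily disabled.' ), 403 );
    }
} );
```

The two halves serve different moments: the handler shows the checks a permanent fix needs (nonce, authentication, and an object-level ownership test on the requested entry id), while the `admin_init` guard is the stop-gap a site owner can drop into `wp-content/mu-plugins/` to block unauthenticated use of a specific action until the plugin update is applied.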
Weakness Enumeration
Related Identifiers
Affected Products
Contact Form Builder Plugin