CVE-2024-13450

Name of the Vulnerable Software and Affected Versions The Contact Form by Bit Form plugin for WordPress versions up to and including 2.17.4

Description The issue is related to Server-Side Request Forgery, which can be exploited via the Webhooks integration. This allows authenticated attackers with Administrator-level access and above to make web requests to arbitrary locations, potentially querying and modifying internal services. The issue can also be exploited in Multisite environments.

Recommendations For versions up to and including 2.17.4, consider disabling the Webhooks integration as a temporary workaround until a patch is available. Restrict access to the Webhooks functionality to minimize the risk of exploitation. Avoid using the Webhooks integration in Multisite environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.