CVE-2024-13451

Name of the Vulnerable Software and Affected Versions: The Contact Form by Bit Form plugin for WordPress versions up to and including 2.17.4

Description: The issue allows unauthenticated attackers to extract sensitive data, including files uploaded via a form, due to insufficient directory listing prevention and lack of randomization of file names. This is possible through file uploads.

Recommendations: For versions up to and including 2.17.4, update to version 2.17.5 or later to partially mitigate the issue. As a temporary workaround, consider restricting access to file uploads until a more comprehensive patch is available.