{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47335", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-09-24T13:00:47.394Z", "datePublished": "2024-10-07T05:31:04.253Z", "dateUpdated": "2024-10-07T13:02:42.819Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "bit-form", "product": "Bit Form \u2013 Contact Form Plugin", "vendor": "Bit Form", "versions": [{"changes": [{"at": "2.13.12", "status": "unaffected"}], "lessThanOrEqual": "2.13.11", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Certus Cybersecurity (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Form Bit Form \u2013 Contact Form Plugin allows SQL Injection.<p>This issue affects Bit Form \u2013 Contact Form Plugin: from n/a through 2.13.11.</p>"}], "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Form Bit Form \u2013 Contact Form Plugin allows SQL Injection.This issue affects Bit Form \u2013 Contact Form Plugin: from n/a through 2.13.11."}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-10-07T05:31:04.253Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/bit-form/wordpress-bit-form-plugin-2-13-11-sql-injection-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 2.13.12 or a higher version."}], "value": "Update to 2.13.12 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Bit Form plugin <= 2.13.11 - SQL Injection vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-07T13:02:26.280097Z", "id": "CVE-2024-47335", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-07T13:02:42.819Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47335", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-07T13:02:26.280097Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-07T13:02:33.502Z"}}], "cna": {"title": "WordPress Bit Form plugin <= 2.13.11 - SQL Injection vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Certus Cybersecurity (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Bit Form", "product": "Bit Form \u2013 Contact Form Plugin", "versions": [{"status": "affected", "changes": [{"at": "2.13.12", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "2.13.11"}], "packageName": "bit-form", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to 2.13.12 or a higher version.", "supportingMedia": [{"type": "text/html", "value": "Update to 2.13.12 or a higher version.", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/vulnerability/bit-form/wordpress-bit-form-plugin-2-13-11-sql-injection-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Form Bit Form \u2013 Contact Form Plugin allows SQL Injection.This issue affects Bit Form \u2013 Contact Form Plugin: from n/a through 2.13.11.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Form Bit Form \u2013 Contact Form Plugin allows SQL Injection.<p>This issue affects Bit Form \u2013 Contact Form Plugin: from n/a through 2.13.11.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-10-07T05:31:04.253Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47335", "state": "PUBLISHED", "dateUpdated": "2024-10-07T13:02:42.819Z", "dateReserved": "2024-09-24T13:00:47.394Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-10-07T05:31:04.253Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Form Bit Form \u2013 Contact Form Plugin allows SQL Injection.This issue affects Bit Form \u2013 Contact Form Plugin: from n/a through 2.13.11."}], "id": "CVE-2024-47335", "lastModified": "2024-10-07T17:47:48.410", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.7, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2024-10-07T06:15:04.617", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/vulnerability/bit-form/wordpress-bit-form-plugin-2-13-11-sql-injection-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}