CVE-2024-47301

Summary

CVE-2024-47301 is a newly disclosed Cross-Site Scripting (XSS) vulnerability affecting the Bit Form – Contact Form Plugin. The flaw, which permits Stored XSS attacks, exists in the plugin's web page generation process. Attackers can inject malicious code into forms, which is then stored and executed on unsuspecting users' browsers when they view affected pages. This issue extends from all versions of the plugin up to, and including, 2.13.10. Successful exploitation could lead to unintended website functionality, unauthorized access, or data theft. Users are strongly urged to update to the latest version of the plugin as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.