Lucene search

[email protected]NVD:CVE-2024-43250

HistoryAug 19, 2024 - 6:15 p.m.

CVE-2024-43250

2024-08-1918:15:11

CWE-863

[email protected]

web.nvd.nist.gov

bit apps

bit form pro

access control

vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

16.8%

JSON

Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitformpro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bit Form Pro: from n/a through 2.6.4.

Affected configurations

Nvd

Node

bitappsbit_formRange≤2.6.4prowordpress

VendorProductVersionCPE
bitappsbit_form*cpe:2.3:a:bitapps:bit_form:*:*:*:*:pro:wordpress:*:*

Vendor	Product	Version	CPE
bitapps	bit_form	*	cpe:2.3:a:bitapps:bit_form:::::pro:wordpress::

References

patchstack.com/database/vulnerability/bitformpro/wordpress-bit-form-pro-plugin-2-6-4-authenticated-plugin-settings-change-vulnerability?_s_id=cve

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

16.8%

JSON

Related for NVD:CVE-2024-43250

cvelist1 cve1 vulnrichment1 wordfence1