CVE-2024-47335

{"id": "CVE-2024-47335", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 2.3}]}, "published": "2024-10-07T06:15:04.617", "references": [{"url": "https://patchstack.com/database/vulnerability/bit-form/wordpress-bit-form-plugin-2-13-11-sql-injection-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Form Bit Form \u2013 Contact Form Plugin allows SQL Injection.This issue affects Bit Form \u2013 Contact Form Plugin: from n/a through 2.13.11."}], "lastModified": "2024-10-07T17:47:48.410", "sourceIdentifier": "audit@patchstack.com"}