CVE-2024-43250: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2024-43250) affects Bit Apps Bit Form Pro WordPress plugin versions through 2.6.4. It is classified as an Incorrect Authorization vulnerability that allows accessing functionality not properly constrained by ACLs. The vulnerability was discovered by Dave Jong and was published on August 12, 2024 (Patchstack).

The vulnerability has been assigned CWE-863 (Incorrect Authorization). It received a CVSS v3.1 base score of 6.5 (MEDIUM) from NIST with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N, while Patchstack assigned a score of 7.1 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H. The vulnerability requires low privileged access and no user interaction to exploit (NVD).

The vulnerability allows authenticated users with subscriber-level privileges or higher to modify plugin settings, potentially leading to unauthorized changes in the application's configuration. This could result in high impact on integrity and availability of the affected system (Patchstack).

Users are advised to update to Bit Form Pro version 2.8.0 or later which contains the fix for this vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).