CVE-2024-7702: 
WordPress vulnerability analysis and mitigation

The Contact Form by Bit Form WordPress plugin (versions 2.0 to 2.13.9) contains a SQL Injection vulnerability identified as CVE-2024-7702. The vulnerability exists due to insufficient escaping of the entryID parameter and inadequate SQL query preparation. This security issue was discovered and reported by TANG Cheuk Hei (siunam) (Wordfence Advisory).

The vulnerability is classified as a SQL Injection (CWE-89) with a CVSS v3.1 base score of 7.2 (High). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring high privileges (PR:H), no user interaction (UI:N), and affecting only the local system scope (S:U). The impact includes high potential for confidentiality, integrity, and availability compromise (C:H/I:H/A:H) (NVD Database).

The vulnerability allows authenticated attackers with Administrator-level access to append additional SQL queries to existing ones, potentially enabling the extraction of sensitive information from the database (NVD Database).

Users should upgrade to version 2.13.10 or later of the Contact Form by Bit Form plugin, which contains the security patch for this vulnerability (NVD Database).