CVE-2024-7782: 
WordPress vulnerability analysis and mitigation

The Contact Form by Bit Form WordPress plugin (versions 2.0 to 2.13.4) contains a vulnerability tracked as CVE-2024-7782. The vulnerability stems from insufficient file path validation in the iconRemove function, which allows authenticated attackers with Administrator-level access to perform arbitrary file deletion on the server (NVD).

The vulnerability is classified as a path traversal issue (CWE-22) that enables arbitrary file deletion. It has received varying CVSS v3.1 severity ratings: NIST assigned a score of 6.5 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H, while Wordfence rated it at 8.7 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H (NVD).

If exploited, this vulnerability could lead to remote code execution when critical files (such as wp-config.php) are deleted from the server. The impact is particularly severe as it affects the integrity and availability of the WordPress installation (NVD).

Users should update their Contact Form by Bit Form plugin to version 2.13.5 or later, which contains the security patch for this vulnerability (NVD).