CVE-2024-43248

8.6 HIGH

📋 TL;DR

CVE-2024-43248 is an unauthenticated arbitrary file deletion vulnerability in the Bit Form Pro WordPress plugin. A file path taken from an HTTP request is not confined to the directory the plugin is meant to work in, so a traversal sequence (../) lets an attacker point the delete operation at any file the web server user is allowed to remove. All sites running Bit Form Pro up to and including 2.6.4 are affected, and no login is needed to exploit it.
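To show the bug class behind this advisory, here is an added example (not Bit Form Pro's code, whose handler is not reproduced anywhere on this page) of a delete routine that trusts a request-supplied path next to one that confines the path to its base directory. The site layout it builds is a throwaway directory, constructed for the demo; the PHP equivalent of the hardened check is realpath() followed by a prefix comparison against the allowed base.

```python
import os
import tempfile


def unsafe_delete(base_dir, requested):
    """Vulnerable pattern: the request-controlled path is joined onto the
    base directory without normalisation, so '../' walks out of it."""
    target = os.path.join(base_dir, requested)
    os.remove(target)
    return target


def safe_delete(base_dir, requested):
    """Hardened pattern: resolve both paths and refuse any target whose real
    location is not inside base_dir. commonpath() rather than startswith()
    so that '/site/uploads_evil' is not accepted as inside '/site/uploads'."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"refusing to delete outside {base}: {requested!r}")
    os.remove(target)
    return target


def demo():
    """Build a constructed stand-in for a WordPress tree (not a real install)
    and run the same traversal payload against both handlers.
    Returns (hardened_blocked, config_survived_hardened,
             legit_delete_worked, config_deleted_by_unsafe)."""
    root = tempfile.mkdtemp()
    uploads = os.path.join(root, "wp-content", "uploads", "bitforms")
    os.makedirs(uploads)
    config = os.path.join(root, "wp-config.php")
    with open(config, "w") as fh:
        fh.write("<?php // constructed stand-in for the real config\n")
    legit = os.path.join(uploads, "entry.csv")
    open(legit, "w").close()

    # Attacker-controlled value: three levels up from the uploads directory
    # lands on the site root, where wp-config.php lives.
    payload = "../../../wp-config.php"

    try:
        safe_delete(uploads, payload)
        blocked = False
    except PermissionError:
        blocked = True
    survived = os.path.exists(config)

    # A path that stays inside the base still works with the hardened version.
    safe_delete(uploads, "entry.csv")
    legit_ok = not os.path.exists(legit)

    unsafe_delete(uploads, payload)
    deleted = not os.path.exists(config)
    return blocked, survived, legit_ok, deleted


if __name__ == "__main__":
    print(demo())  # (True, True, True, True)
```

Note that the hardened check resolves symlinks as well, so a symlink planted inside the uploads directory that points at wp-config.php is also refused.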

💻 Affected Systems

Products:
  • Bit Form Pro WordPress Plugin
Versions: All versions up to and including 2.6.4
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with Bit Form Pro plugin active. No authentication required for exploitation.

📦 What is this software?

Bit Form is a form builder plugin for WordPress (contact, lead and payment forms with a drag-and-drop editor). Bit Form Pro is its paid edition, distributed by the vendor rather than through the wordpress.org plugin directory, which matters for how updates reach a site (see Fix & Mitigation).

⚠️ Risk & Real-World Impact

🔴

Worst Case

Site takeover. Deleting wp-config.php drops WordPress back into its installation wizard; an attacker who completes that wizard against a database they control gets an administrator account on the site, and from there code execution on the host through the plugin/theme editor or uploads. Deleting other files (.htaccess, core or plugin PHP) gives data loss or denial of service.

🟠

Likely Case

Website defacement, data deletion, or disruption of WordPress functionality through deletion of theme/plugin files.

🟢

If Mitigated

Limited impact when the PHP process runs as a user that cannot delete files outside wp-content/uploads: deleting a file needs write access to its parent directory, so the protection comes from directory ownership and a separate, unprivileged PHP user, not from the mode bits on the files themselves.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit requires sending crafted HTTP requests to vulnerable endpoints. Public proof-of-concept available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.6.5 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/bitformpro/wordpress-bit-form-pro-plugin-2-6-4-unauthenticated-arbitrary-file-deletion-vulnerability

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Bit Form Pro and click 'Update Now'. Because Pro is distributed by the vendor, no update is offered unless the site's license is active; otherwise download 2.6.5 or later from the vendor account and install it via Plugins → Add New → Upload Plugin.
4. Verify the version shown is 2.6.5 or higher.

🔧 Temporary Workarounds

Disable Bit Form Pro Plugin

Platform: all

Temporarily deactivate the vulnerable plugin until patched. Forms built with it stop rendering while it is inactive, but its code is no longer reachable over HTTP.

wp plugin deactivate bitformpro

The slug bitformpro is assumed; if WP-CLI reports the plugin is not found, run wp plugin list to see the installed slug, or deactivate it from Plugins → Installed Plugins.

Web Application Firewall Rule

Platform: all

Block requests carrying path traversal sequences that reach the plugin. Match the decoded request, not just the raw one: ../ also arrives as ..%2f, %2e%2e%2f, %2e%2e/, double-encoded %252e%252e%252f and the backslash form ..\. Plugin handlers in WordPress are usually reached through /wp-admin/admin-ajax.php or the REST API under /wp-json/ rather than files under /wp-content/plugins/, and the payload may be in a POST body, so a rule that only inspects URLs under the plugin directory will miss most requests.

Add WAF rule: block requests to /wp-content/plugins/bitformpro/*, /wp-admin/admin-ajax.php and /wp-json/* whose decoded URL or body contains a ../ pattern

🧯 If You Can't Patch

  • Separate the PHP process user from the file owner: WordPress core, wp-config.php, plugins and themes owned by a deploy user and writable only by it, with the web server user able to write only under wp-content/uploads. Mode bits alone (644/755) do not stop deletion, since removing a file only needs write access to its directory, which the web server user has whenever it owns the tree.
  • Use a web application firewall to block decoded path traversal patterns on the plugin, admin-ajax.php and REST endpoints
  • Keep a tested backup of wp-config.php and the database, since the worst case is reinstallation of the site by the attacker

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for Bit Form Pro version. If version ≤ 2.6.4, vulnerable.

Check Version:

wp plugin get bitformpro --field=version

If the slug differs on your install, wp plugin list prints the name, status and version of every plugin.

Verify Fix Applied:

Verify Bit Form Pro version is 2.6.5 or higher in WordPress admin panel.
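For a fleet check, here is an added helper (not part of the vendor's tooling) that reads the JSON produced by wp plugin list --format=json and reports whether the Pro plugin is absent, vulnerable, vulnerable but inactive, or fixed. It assumes the plugin's directory slug starts with "bitform" (or "bit-form") and contains "pro", since the exact slug is not documented on this page; the sample plugin list is constructed.

```python
import json
import subprocess

FIXED_VERSION = (2, 6, 5)


def parse_version(text):
    """'2.6.4' -> (2, 6, 4); non-digit suffixes such as '-beta' are dropped
    from their component so that pre-release strings still compare."""
    parts = []
    for piece in text.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_bit_form_pro(slug):
    """Assumption: the Pro plugin's slug looks like 'bitformpro' or
    'bit-form-pro'. The free 'bit-form' plugin is deliberately not matched,
    as the advisory covers the Pro edition only."""
    norm = slug.lower().replace("-", "").replace("_", "")
    return norm.startswith("bitform") and "pro" in norm


def assess(plugins):
    """plugins: parsed output of `wp plugin list --format=json`
    (list of dicts with name, status, version).
    Returns (status, version) with status one of
    'not_installed', 'fixed', 'vulnerable', 'vulnerable_inactive'."""
    for entry in plugins:
        if not is_bit_form_pro(entry.get("name", "")):
            continue
        version = entry.get("version", "0")
        if parse_version(version) >= FIXED_VERSION:
            return "fixed", version
        if entry.get("status") in ("active", "active-network"):
            return "vulnerable", version
        return "vulnerable_inactive", version
    return "not_installed", None


def assess_site(wp_path):
    """Run WP-CLI against a real install (needs `wp` on PATH); not called by
    the demo below."""
    out = subprocess.check_output(
        ["wp", "plugin", "list", "--format=json", f"--path={wp_path}"], text=True)
    return assess(json.loads(out))


# Constructed sample shaped like `wp plugin list --format=json` output.
SAMPLE = json.loads("""[
  {"name": "akismet", "status": "inactive", "update": "none", "version": "5.3.2"},
  {"name": "bit-form", "status": "active", "update": "none", "version": "2.6.4"},
  {"name": "bitformpro", "status": "active", "update": "available", "version": "2.6.4"}
]""")

if __name__ == "__main__":
    print(assess(SAMPLE))  # ('vulnerable', '2.6.4')
```

An inactive copy is still reported, because a deactivated plugin's files remain on disk and will be exposed again the moment someone reactivates it without updating.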

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /wp-content/plugins/bitformpro/, /wp-admin/admin-ajax.php or /wp-json/ whose decoded URL or body contains a traversal sequence (../, ..%2f, %2e%2e%2f, %252e%252e%252f, ..\)
  • File deletion events (file integrity monitoring, auditd) outside wp-content/uploads, in particular wp-config.php, .htaccess, or files in plugin and theme directories
  • WordPress unexpectedly serving its installation wizard (/wp-admin/install.php) on a site that was already set up, the symptom of a deleted wp-config.php

Network Indicators:

  • POST/GET requests with file path parameters containing traversal sequences (../), in raw, URL-encoded or double-encoded form, from unauthenticated sources (no wordpress_logged_in cookie)

SIEM Query:

source="web_server" AND (uri="*bitformpro*" OR uri="*admin-ajax.php*" OR uri="*wp-json*") AND (uri="*../*" OR uri="*..%2f*" OR uri="*%2e%2e*" OR uri="*%252e%252e*" OR post_data="*../*" OR post_data="*%2e%2e*")

Field names depend on the log source. Plain web server access logs carry the request line only; post_data is available only from a WAF or application-level log, and without it a body-delivered payload will not be visible in this query.
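Because access logs store the request target URL-encoded and attackers encode the traversal to get past naive string matches, the check should be run on the decoded target. The following is an added example of that detection logic (not a tool from the advisory or the vendor), run over constructed combined-format access log lines; the endpoint names in them are placeholders, since the page does not identify the vulnerable endpoint.

```python
import re
from urllib.parse import unquote

# Constructed sample (combined log format). PLACEHOLDER stands for endpoint
# names this page does not specify; the traversal payloads are the point.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Sep/2024:10:01:02 +0000] "GET /wp-content/plugins/bitformpro/assets/app.js HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Sep/2024:10:01:05 +0000] "GET /wp-content/plugins/bitformpro/PLACEHOLDER.php?file=../../../wp-config.php HTTP/1.1" 200 12 "-" "curl/8.0"
203.0.113.9 - - [10/Sep/2024:10:01:06 +0000] "POST /wp-admin/admin-ajax.php?action=bitforms_PLACEHOLDER&file=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200 12 "-" "curl/8.0"
203.0.113.9 - - [10/Sep/2024:10:01:07 +0000] "GET /wp-json/PLACEHOLDER/v1/delete?file=%252e%252e%252fwp-config.php HTTP/1.1" 200 12 "-" "curl/8.0"
198.51.100.4 - - [10/Sep/2024:10:02:00 +0000] "GET /index.php?p=../etc/passwd HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

# Combined/common log format: client, ident, user, [timestamp], "METHOD target PROTO", status ...
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Dot-dot followed by a forward or back slash, after decoding.
TRAVERSAL = re.compile(r'\.\.(?:/|\\)')


def fully_decode(s, rounds=3):
    """Undo percent-encoding until the string stops changing (bounded), so
    that %2e%2e%2f and the double-encoded %252e%252e%252f both become ../"""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def classify(decoded_target):
    """Triage bucket: request mentions the plugin, hits a generic WordPress
    entry point through which plugin handlers are reached, or neither."""
    low = decoded_target.lower()
    if "bitform" in low:
        return "plugin"
    if "/wp-admin/admin-ajax.php" in low or "/wp-json/" in low:
        return "wp_entrypoint"
    return "other"


def scan(log_text):
    """Return one dict per request whose decoded target contains a traversal
    sequence: ip, method, decoded target, HTTP status and triage scope."""
    hits = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue
        decoded = fully_decode(m["target"])
        if not TRAVERSAL.search(decoded):
            continue
        hits.append({
            "ip": m["ip"],
            "method": m["method"],
            "target": decoded,
            "status": int(m["status"]),
            "scope": classify(decoded),
        })
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["scope"], hit["ip"], hit["method"], hit["status"], hit["target"])
```

A 200 on a request in the plugin or wp_entrypoint bucket is the one to escalate; the other bucket is generic scanner noise unless the same client also appears in the first two. Bodies of POST requests are not in access logs, so the same decode-then-match logic should be applied to WAF or application logs where the body is recorded.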

🔗 References

  • Patchstack advisory: https://patchstack.com/database/vulnerability/bitformpro/wordpress-bit-form-pro-plugin-2-6-4-unauthenticated-arbitrary-file-deletion-vulnerability
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-43248