← back
CVE-2024-4620

ArForms < 6.6 - Unauthenticated RCE

CVSS 9.8 CRITICALEPSS 3.3%
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Unknown · ARForms - Premium WordPress Form Builder Plugin
public PoCs found1
cve_referencewpscan.com/vulnerability/dc34dc2d-d5a1-4e28-8507-33f659ead647/unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/dc34dc2d-d5a1-4e28-8507-33f659ead647/