0.009 Low
EPSS
Percentile
82.5%
In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname.
almorabea.net/cve-2019-16902.txt
www.arformsplugin.com/documentation/changelog/