In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname.
7.5CVSS
7.5AI Score
0.009EPSS
Missing Authorization vulnerability in reputeinfosystems ARForms.This issue affects ARForms: from n/a through 6.4.
8.8CVSS
6.9AI Score
0.001EPSS