CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

221 matches found

ArForms < 6.6 - Remote Code Execution

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form id: CVE-2024-4620 info: name: ArForms 6.6 - Remote Code Execution autho...

9.8CVSS5.8AI score0.72422EPSS

Exploits2References1

RedhatCVE•added 2026/03/26 2:56 p.m.•3 views

CVE-2024-13785

The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

5.6CVSS6.2AI score0.0016EPSS

Exploits0References1

Patchstack•added 2026/03/24 8:31 a.m.•1 views

WordPress ARForms plugin <= 1.7.2 - Unauthenticated Blind Arbitrary Shortcode Execution vulnerability

Unauthenticated Blind Arbitrary Shortcode Execution vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin ARForms Form Builder versions = 1.7.2...

5.6CVSS5.8AI score0.0016EPSS

Exploits0References1Affected Software1

EUVD•added 2026/03/21 6:30 a.m.•2 views

EUVD-2024-55483

5.6CVSS6.2AI score0.0016EPSS

Exploits0References3

NVD•added 2026/03/21 4:16 a.m.•3 views

CVE-2024-13785

5.6CVSS0.0016EPSS

Exploits0References2

ATTACKERKB•added 2026/03/21 3:26 a.m.•3 views

CVE-2024-13785

5.6CVSS6.2AI score0.0016EPSS

Exploits0References3

Vulnrichment•added 2026/03/21 3:26 a.m.•1 views

CVE-2024-13785 Contact Form, Survey, Quiz & Popup Form Builder – ARForms <= 1.7.2 - Unauthenticated Blind Arbitrary Shortcode Execution

5.6CVSS6.2AI score0.0016EPSS

Exploits0References2

CVE•added 2026/03/21 3:26 a.m.•3 views

CVE-2024-13785

The ARForms WordPress plugin (The Contact Form, Survey, Quiz & Popup Form Builder) is vulnerable to arbitrary shortcode execution in all versions up to 1.7.2. Root cause: the software executes do_shortcode after validating input improperly, enabling unauthenticated attackers to run arbitrary shor...

5.6CVSS6.2AI score0.0016EPSS

Exploits0References2

Cvelist•added 2026/03/21 3:26 a.m.•25 views

CVE-2024-13785 Contact Form, Survey, Quiz & Popup Form Builder – ARForms <= 1.7.2 - Unauthenticated Blind Arbitrary Shortcode Execution

5.6CVSS0.0016EPSS

Exploits0References2

CNNVD•added 2026/03/21 12:0 a.m.•2 views

WordPress plugin ARForms 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPress...

5.6CVSS6.2AI score0.0016EPSS

Exploits0References2

Patchstack•added 2026/02/18 8:16 a.m.•2 views

WordPress ARForms plugin <= 1.5.8 - Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url vulnerability

Unauthenticated Stored Cross-Site Scripting via arfhttpreferrerurl vulnerability discovered by drop in WordPress Plugin ARForms Form Builder versions = 1.5.8...

7.2CVSS5.5AI score0.01095EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/01/07 9:31 a.m.•6 views

CVE-2019-16902

In the ARforms plugin 3.7.1 for WordPress, arfdeletefile in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname...

7.5CVSS7.1AI score0.14736EPSS

Exploits5References1

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2018-7676

Malware in sbrugna...

7.5CVSS7.6AI score0.0074EPSS

Exploits3References4

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-36880

Malicious code in bioql PyPI...

7.1CVSS6.5AI score0.00275EPSS

Exploits0References1