ArForms < 4.0 - Unauthenticated Arbitrary File Deletion via Traversal

"arfdeletefile in arformcontroller.php allows unauthenticated users to delete an arbitrary file by supplying its full pathname" The vendor contacted the WPScan Team stating that the issue had been resolved in version 4.0...

WordPress Arforms 3.7.1 - Directory Traversal

WordPress Arforms 3.7.1 - Directory Traversal Exploit Title: WordPress Arforms 3.7.1 - Directory Traversal Date: 2019-09-27 Exploit Author: Ahmad Almorabea Updated version of the exploit can be found always at : http://almorabea.net/cve-2019-16902.txt Software Link:...

WordPress Arforms 3.7.1 - Directory Traversal Exploit

Exploit for php platform in category web applications Exploit Title: WordPress Arforms 3.7.1 - Directory Traversal Exploit Author: Ahmad Almorabea Updated version of the exploit can be found always at : http://almorabea.net/cve-2019-16902.txt Software Link:...

WordPress Plugin Arforms 3.7.1 - Directory Traversal

Exploit Title: WordPress Arforms 3.7.1 - Directory Traversal Date: 2019-09-27 Exploit Author: Ahmad Almorabea Updated version of the exploit can be found always at : http://almorabea.net/cve-2019-16902.txt Software Link: https://www.arformsplugin.com/documentation/changelog/ Version: 3.7.1 CVE ID...

WordPress Arforms 3.7.1 Directory Traversal

Exploit Title: WordPress Arforms 3.7.1 - Directory Traversal Date: 2019-09-27 Exploit Author: Ahmad Almorabea Updated version of the exploit can be found always at : http://almorabea.net/cve-2019-16902.txt Software Link: https://www.arformsplugin.com/documentation/changelog/ Version: 3.7.1 CVE ID...

WordPress Arforms Plugin Input Validation Error Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.ARforms is a responsive form builder plugin used in it. An input validation error vulnerability exists in the 'arfdeletefile' function ...

WordPress Plugin ARforms 3.7.1 - Arbitrary File Deletion

!/usr/bin/env ruby Exploit Title: WordPress Arforms - 3.7.1 CVE ID: CVE-2019-16902 Date: 2019-09-27 Exploit Author: Ahmad Almorabea Author Website: http://almorabea.net Updated version of the exploit can be found always at : http://almorabea.net/cve-2019-16902.txt Software Link:...

CVE-2019-16902

In the ARforms plugin 3.7.1 for WordPress, arfdeletefile in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname...

CVE-2019-16902

In the ARforms plugin 3.7.1 for WordPress, arfdeletefile in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname...

Arbitrary file deletion

In the ARforms plugin 3.7.1 for WordPress, arfdeletefile in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname...

CVE-2019-16902

In the ARforms plugin 3.7.1 for WordPress, arfdeletefile in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname...

CVE-2019-16902

CVE-2019-16902 – ARforms WordPress plugin : The ARforms plugin 3.7.1 is vulnerable due to arf_delete_file in arformcontroller.php, which allows an unauthenticated attacker to delete arbitrary files by supplying the full pathname. This impacts WordPress installations using ARforms 3.7.1. Public ex...

CVE-2018-15818

An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php...

Design/Logic Flaw

An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php...

CVE-2018-15818

An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php...

CVE-2018-15818

CMS/plugin: Repute ARForms 3.5.1 and earlier. A vulnerability allows an attacker to delete arbitrary files on the server by sending a malicious request to admin-ajax.php, abusing web server privileges. Affected component is the plugin’s admin AJAX endpoint; impact is file deletion with partial in...

WordPress ARForms plugin <= 3.5.1 - Unauthenticated Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion vulnerability found by Amir Hossein Mahboubi in WordPress ARForms plugin versions = 3.5.1. Solution Update the WordPress ARForms plugin to the latest available version at least 3.5.2...

WordPress Arforms 3.5.1 Arbitrary File Deletion Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL servers to set up a personal blog site . Arforms plugin is used in which a form builder plugin . A security vulnerability exists in WordPress Arforms...

WordPress Arforms 3.5.1 Arbitrary File Delete Exploit

Exploit for php platform in category web applications Exploit Title: WordPress Plugin Arforms 3.5.1 - Delete arbitrary file Google Dork: /plugins/arforms/ Exploit Author: Amir Hossein Mahboubi Twitter: @Mahboubi66 Vendor Homepage: https://www.arformsplugin.com/ Version: =3.5.1 Tested on: Linux &...

ARForms < 3.5.2 - Unauthenticated Arbitrary File Deletion

The arforms WordPress plugin was affected by an Unauthenticated Arbitrary File Deletion security vulnerability...