PT-2026-26796 · WordPress · Arforms
Krzysztof Zając
·
Publicado
2026-03-21
·
Atualizado
2026-03-21
·
CVE-2024-13785
CVSS v3.1
5.6
Média
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
ARForms versions up to and including 1.7.2
Description
The ARForms plugin for WordPress is susceptible to arbitrary shortcode execution. The software does not properly validate input before running the
do shortcode function, allowing unauthenticated attackers to execute arbitrary shortcodes.Recommendations
Update ARForms to a version later than 1.7.2.
Correção
Code Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Arforms