Arforms
CVE-2024-54216
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Primary rating from Vendor (patchstack) · only source for this CVE.
CVSS VectorVendor: patchstack
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
Path Traversal: '.../...//' vulnerability in reputeinfosystems ARForms arforms allows Path Traversal.This issue affects ARForms: from n/a through <= 6.4.1.
AnalysisAI
Path Traversal: '.../...//' vulnerability in reputeinfosystems ARForms arforms allows Path Traversal.4.1. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-35. Path Traversal: '.../...//' vulnerability in reputeinfosystems ARForms arforms allows Path Traversal.4.1. Affected products include: Reputeinfosystems Arforms.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify u
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.4.1 does not properly escape user-controll
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 does not sanitise and escape some of its
In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an
Stored cross-site scripting in the ARForms WordPress plugin (versions ≤7.1.3) allows unauthenticated remote attackers to
Reflected cross-site scripting in the ARForms WordPress plugin (versions 7.1.2 and earlier) lets an unauthenticated remo
The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some para
Same weakness CWE-35 – Path Traversal: '.../...//'
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today