Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.6
ARForms Plugin for WordPress Allows Unauthorized Code Execution
CVE-2024-13785
Summary
The ARForms plugin for WordPress allows attackers to execute arbitrary code without a password. This means that a hacker could potentially gain control of your website. Update the plugin to the latest version to fix this issue.
Original title
The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the...
Original description
The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
nvd CVSS3.1
5.6
Vulnerability type
CWE-94
Code Injection
Published: 21 Mar 2026 · Updated: 21 Mar 2026 · First seen: 21 Mar 2026