CVE-2024-13785

Published: Mar 21, 2026 Last Modified: Mar 21, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,6

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: low

Integrity: low

Availability: low

Description

AI Translation Available

The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Improper Control of Generation of Code ('Code Injection')

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Integrity Confidentiality Availability Non-Repudiation

Potential Impacts:

Bypass Protection Mechanism Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands Hide Activities

Applicable Platforms

Languages: Interpreted

Technologies: AI/ML

Likelihood of Exploit: Medium

View CWE Details

https://wordpress.org/plugins/arforms-form-builder/

https://www.wordfence.com/threat-intel/vulnerabilities/id/8…

https://www.wordfence.com/threat-intel/vulnerabilities/id/8b4a47f7-0161-4a57-99…

CVE-2024-13785

Description

Improper Control of Generation of Code ('Code Injection')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter