Platform: wordpress
Component: arforms-form-builder
Fixed in: 1.7.3
CVE-2024-13785 describes an arbitrary shortcode execution vulnerability within the ARForms plugin for WordPress. This flaw allows unauthenticated attackers to inject and execute malicious shortcodes, potentially leading to website defacement, data theft, or complete compromise. The vulnerability affects all versions of ARForms up to and including 1.7.2. A patch is expected to be released by the vendor.
The impact of CVE-2024-13785 is significant due to its ease of exploitation and the potential for widespread compromise. An attacker can leverage this vulnerability to execute arbitrary PHP code through shortcodes, effectively gaining control over the affected WordPress website. This could involve modifying content, injecting malware, stealing sensitive data (user credentials, database information), or even taking over the entire server. The ability to execute arbitrary code without authentication makes this a particularly dangerous vulnerability, especially for sites with sensitive data or critical functionality.
This vulnerability is currently not listed on the CISA KEV catalog. Public proof-of-concept exploits are not yet widely available, but the ease of exploitation suggests a high likelihood of exploitation once a PoC is released. The vulnerability was publicly disclosed on 2026-03-21.
Exploit Status
EPSS: 0.11% (29th percentile)
CVSS Vector
The primary mitigation for CVE-2024-13785 is to immediately upgrade the ARForms plugin to the latest available version once a patch is released by the vendor. Until a patch is available, consider implementing a temporary workaround by disabling shortcode execution in user-supplied input fields within the ARForms plugin. Web application firewalls (WAFs) configured to detect and block malicious shortcode injections can also provide an additional layer of protection. Monitor WordPress logs for suspicious shortcode activity.
No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVE-2024-13785 is a vulnerability in the ARForms WordPress plugin allowing unauthenticated attackers to execute arbitrary shortcodes due to insufficient input validation, potentially leading to website compromise.
If you are using ARForms version 1.7.2 or earlier, you are potentially affected by this vulnerability. Check your plugin version and upgrade as soon as a patch is available.
Upgrade the ARForms plugin to the latest version as soon as a patch is released by the vendor. Until then, consider disabling shortcode execution in user-supplied input fields.
While no active exploitation has been confirmed, the ease of exploitation suggests a high likelihood of exploitation once a public proof-of-concept is released.
Check the official ARForms website and WordPress plugin repository for updates and security advisories related to CVE-2024-13785.
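The mitigation section above and the FAQ answer both recommend, as an interim workaround, preventing shortcode execution on user-supplied input and watching the logs for shortcode activity. The following must-use plugin is an added example written for this advisory; it is not code from ARForms or from WordPress core. It uses the core `pre_do_shortcode_tag` filter (available since WordPress 4.7) to suppress and log any shortcode tag that is not on a site-specific allowlist whenever the request comes from a visitor who cannot edit posts. The allowlist contents are an assumption: `gallery` and `caption` are core shortcodes, and `your_form_shortcode` is a placeholder the site owner replaces with the tags its public pages actually render.

```php
<?php
/**
 * Plugin Name: Shortcode allowlist for unauthenticated requests (added example)
 *
 * Install by copying into wp-content/mu-plugins/ so it loads before regular plugins.
 * Assumption: the site owner fills $allowed_tags with every shortcode that public
 * pages legitimately use; any other tag is suppressed and logged when the request
 * is not from a user who can edit posts.
 */

add_filter( 'pre_do_shortcode_tag', function ( $return, $tag, $attr, $m ) {
    // Assumed allowlist: 'gallery' and 'caption' are WordPress core shortcodes,
    // 'your_form_shortcode' is a placeholder for the site's real form shortcode.
    $allowed_tags = array( 'gallery', 'caption', 'your_form_shortcode' );

    // Editors and administrators keep normal shortcode behaviour.
    if ( current_user_can( 'edit_posts' ) ) {
        return $return;
    }

    // Known-good tags pass through untouched ($return is false here, which
    // tells do_shortcode_tag() to run the registered handler as usual).
    if ( in_array( $tag, $allowed_tags, true ) ) {
        return $return;
    }

    // Record the tag, client address and request path so the entry can be
    // correlated with web server logs; attribute values are deliberately
    // not logged to avoid persisting attacker-controlled content.
    error_log( sprintf(
        'shortcode-allowlist: suppressed [%s] from %s uri=%s',
        $tag,
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '-',
        isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '-'
    ) );

    // Returning anything other than false short-circuits do_shortcode_tag(),
    // so the shortcode's handler never executes and the tag renders as an
    // empty string instead.
    return '';
}, 10, 4 );
```

Because the filter runs for every shortcode on every request, an incomplete allowlist will blank out legitimate shortcodes for anonymous visitors; test the list against the site's public pages before deploying, and grep the PHP error log for `shortcode-allowlist: suppressed` entries to see which tags are being attempted. This is a stopgap that reduces exposure until the plugin is updated; it does not replace the vendor fix.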