Platform: wordpress
Component: arforms-form-builder
Fixed in: 1.7.3
CVE-2024-13785 describes an arbitrary shortcode execution vulnerability within the ARForms plugin for WordPress. This flaw allows unauthenticated attackers to inject and execute malicious shortcodes, potentially leading to website defacement, data theft, or complete compromise. The vulnerability affects all versions of ARForms up to and including 1.7.2. A patch is expected to be released by the vendor.
The impact of CVE-2024-13785 is significant due to its ease of exploitation and the potential for widespread compromise. An attacker can leverage this vulnerability to execute arbitrary PHP code through shortcodes, effectively gaining control over the affected WordPress website. This could involve modifying content, injecting malware, stealing sensitive data (user credentials, database information), or even taking over the entire server. The ability to execute arbitrary code without authentication makes this a particularly dangerous vulnerability, especially for sites with sensitive data or critical functionality.
This vulnerability is currently not listed on the CISA KEV catalog. Public proof-of-concept exploits are not yet widely available, but the ease of exploitation suggests a high likelihood of exploitation once a PoC is released. The vulnerability was publicly disclosed on 2026-03-21.
Websites using the ARForms plugin, particularly those with user-submitted forms or surveys, are at risk. Shared hosting environments where plugin updates are managed by the hosting provider may be particularly vulnerable if they haven't applied the patch.
• wordpress / composer / npm: `grep -r 'do_shortcode' /var/www/html/wp-content/plugins/arforms/`
• wordpress / composer / npm: `wp plugin list --status=active | grep arforms`
• wordpress / composer / npm: `wp plugin update arforms`
Exploit status
EPSS: 0.11% (percentile 29%)
CVSS vector
The primary mitigation for CVE-2024-13785 is to immediately upgrade the ARForms plugin to the latest available version once a patch is released by the vendor. Until a patch is available, consider implementing a temporary workaround by disabling shortcode execution in user-supplied input fields within the ARForms plugin. Web application firewalls (WAFs) configured to detect and block malicious shortcode injections can also provide an additional layer of protection. Monitor WordPress logs for suspicious shortcode activity.
No known fix is available. Review the vulnerability details thoroughly and implement mitigation measures according to your organisation's risk tolerance. It may be preferable to uninstall the affected software and find a replacement.
CVE-2024-13785 is a vulnerability in the ARForms WordPress plugin allowing unauthenticated attackers to execute arbitrary shortcodes due to insufficient input validation, potentially leading to website compromise.
If you are using ARForms version 1.7.2 or earlier, you are potentially affected by this vulnerability. Check your plugin version and upgrade as soon as a patch is available.
Upgrade the ARForms plugin to the latest version as soon as a patch is released by the vendor. Until then, consider disabling shortcode execution in user-supplied input fields.
While no active exploitation has been confirmed, the ease of exploitation suggests a high likelihood of exploitation once a public proof-of-concept is released.
Check the official ARForms website and WordPress plugin repository for updates and security advisories related to CVE-2024-13785.