Platform
wordpress
Component
arforms-form-builder
Fixed in
1.7.3
CVE-2024-13785 is an arbitrary shortcode execution vulnerability in the ARForms Form Builder plugin for WordPress. Because the plugin hands insufficiently validated user input to WordPress's shortcode processing, unauthenticated attackers can make the site execute any shortcode registered by core, the active theme or other installed plugins, with attacker-chosen attributes. Depending on which shortcodes are available, this can lead to content injection or defacement, disclosure of data, or further compromise of the site. All versions up to and including 1.7.2 are affected; the vendor fixed the issue in version 1.7.3.
The impact of CVE-2024-13785 depends heavily on what else is installed on the site. Arbitrary shortcode execution does not by itself give an attacker arbitrary PHP: it lets them invoke shortcodes that already exist on the site, with attributes they control. On a typical installation that is enough to inject content, trigger actions such as sending e-mail or rendering protected data, or set up phishing pages; where another plugin registers a shortcode that evaluates code, includes files or queries the database with caller-supplied arguments, the same flaw becomes a path to full site compromise, including theft of user credentials and database contents. Because the entry point requires no authentication, the issue is dangerous for any Internet-facing site, and especially for sites holding sensitive data or critical functionality.
At the time of writing this vulnerability is not listed in the CISA KEV catalog. Public proof-of-concept exploits are not yet widely available, but the unauthenticated entry point and low attack complexity mean exploitation is likely to follow quickly once one appears. The vulnerability was publicly disclosed on 2026-03-21.
Any WordPress site with a vulnerable version of ARForms installed and active is at risk; the flaw is reachable without authentication, so it does not depend on who fills in the forms. Sites on shared or managed hosting where the provider controls plugin updates remain exposed until the provider rolls out 1.7.3, so administrators of such sites should verify the installed version rather than assume it has been updated.
Detection and remediation commands (WordPress):
• Locate the plugin's shortcode processing (this only shows where the plugin calls do_shortcode; it does not by itself confirm the flaw):
grep -r 'do_shortcode' /var/www/html/wp-content/plugins/arforms-form-builder/
• Confirm whether the plugin is installed and active:
wp plugin list --status=active | grep arforms
• Update the plugin to the fixed release:
wp plugin update arforms-form-builder
Disclosure
Exploit Status
EPSS
0.11% (29th percentile)
CVSS vector
The primary mitigation for CVE-2024-13785 is to update the ARForms plugin to version 1.7.3 or later immediately. If the update cannot be applied right away, deactivate the plugin until it can be; do not rely on configuration changes inside the plugin to stop shortcode processing of submitted input. A web application firewall rule that blocks requests carrying shortcode syntax (square-bracketed tags such as [shortcode]) in parameters sent to the plugin adds a layer of defence, and web server and WordPress logs should be reviewed for unauthenticated requests containing such syntax.
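The following script is added here as a worked example; it is not code from this page or from the ARForms vendor. It triages installed copies of the plugin for CVE-2024-13785 by parsing the Version: header of each plugin's main PHP file, which works on managed hosts that do not expose WP-CLI. The fixed version 1.7.3 is taken from this page; the plugin directory path in the usage comment and the sample header files it creates are constructed assumptions for demonstration.

```shell
#!/bin/sh
# Added example (not ARForms or vendor code): triage WordPress plugin
# installs for CVE-2024-13785 by reading plugin headers, without WP-CLI.
# Paths and the sample files below are assumptions for demonstration.

FIXED_VERSION="1.7.3"   # first release this page lists as fixed

# Print the "Version:" header of a WordPress plugin main file (first match).
# Anchoring on the line start keeps other headers from matching.
plugin_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Compare two dotted version strings numerically, component by component,
# so 1.7.10 sorts after 1.7.3 (plain string comparison gets this wrong).
# Prints 0 if equal, 1 if $1 is newer, 2 if $1 is older.
vercmp() {
    va="$1"; vb="$2"
    while [ -n "$va" ] || [ -n "$vb" ]; do
        ca="${va%%.*}"; cb="${vb%%.*}"
        if [ "$va" = "$ca" ]; then va=""; else va="${va#*.}"; fi
        if [ "$vb" = "$cb" ]; then vb=""; else vb="${vb#*.}"; fi
        ca="${ca:-0}"; cb="${cb:-0}"          # missing component counts as 0
        if [ "$ca" -gt "$cb" ]; then echo 1; return 0; fi
        if [ "$ca" -lt "$cb" ]; then echo 2; return 0; fi
    done
    echo 0
}

# Exit 0 when the plugin file carries an affected version (older than 1.7.3),
# 1 when it is at or beyond the fixed release, 2 when no header was found.
is_affected() {
    ver=$(plugin_version "$1")
    [ -n "$ver" ] || return 2
    [ "$(vercmp "$ver" "$FIXED_VERSION")" = 2 ]
}

# List main plugin files (those with a "Plugin Name:" header) one directory
# below the given plugins directory, which is where WordPress looks for them.
main_plugin_files() {
    find "$1" -mindepth 2 -maxdepth 2 -name '*.php' \
        -exec grep -l '^[[:space:]*]*Plugin Name:' {} +
}

# Print a verdict for each plugin file given on the command line.
report() {
    for f in "$@"; do
        ver=$(plugin_version "$f")
        is_affected "$f" && rc=0 || rc=$?
        case $rc in
            0) echo "AFFECTED  $f (version $ver; update to $FIXED_VERSION or later)" ;;
            1) echo "ok        $f (version $ver)" ;;
            *) echo "unknown   $f (no Version header found; review manually)" ;;
        esac
    done
}

# Constructed sample plugin headers (not real plugin files) to exercise the check.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/vulnerable" "$demo_dir/patched"
printf '<?php\n/*\nPlugin Name: ARForms Form Builder\nVersion: 1.7.2\n*/\n' \
    > "$demo_dir/vulnerable/plugin.php"
printf '<?php\n/**\n * Plugin Name: ARForms Form Builder\n * Version: 1.7.3\n */\n' \
    > "$demo_dir/patched/plugin.php"
report $(main_plugin_files "$demo_dir")

# On a live host (assumed default path), run it over the real plugins tree:
#   report $(main_plugin_files /var/www/html/wp-content/plugins)
```

The numeric comparison matters because a future 1.7.10 would otherwise sort below 1.7.3 as a string. A header check only tells you what version string the file claims; a copy that was hot-patched in place or renamed will show up as "ok" or "unknown", so treat "unknown" as requiring manual review and confirm with `wp plugin list` where WP-CLI is available.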
A fixed release (1.7.3) is available and updating is the recommended remedy. If you cannot update promptly, study the vulnerability details and apply mitigations in line with your organisation's risk tolerance; where the plugin is not essential, removing it and choosing a maintained alternative eliminates the exposure entirely.
CVE-2024-13785 is a vulnerability in the ARForms WordPress plugin allowing unauthenticated attackers to execute arbitrary shortcodes due to insufficient input validation, potentially leading to website compromise.
If you are running ARForms version 1.7.2 or earlier, you are affected by this vulnerability. Check the installed plugin version and update to 1.7.3 or later.
Update the ARForms plugin to version 1.7.3 or later. If you cannot update immediately, deactivate the plugin until you can, and consider WAF rules that block shortcode syntax in requests sent to it.
While no active exploitation has been confirmed, the ease of exploitation suggests a high likelihood of exploitation once a public proof-of-concept is released.
Check the official ARForms website and WordPress plugin repository for updates and security advisories related to CVE-2024-13785.