Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in ARforms 3.7.1

  • Severity: high-risk
  • Status: Open
  • Publication: October 11, 2019

The ARforms plugin version 3.7.1 for WordPress has a security flaw that allows someone to delete any file on the system without having to log in. All they need to do is provide the full pathname of the file they want to delete.

Detected in:

Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder fixed vulnerable versions: >= * <= 0
Contact Form, Survey, Quiz & Popup Form Builder – ARForms fixed vulnerable versions:
ARforms open vulnerable versions: >= * <= 3.7.1

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.