WordPress Plugin Vulnerabilities

ARForms < 3.5.2 - Unauthenticated Arbitrary File Deletion

Description

The arforms WordPress plugin was affected by an Unauthenticated Arbitrary File Deletion security vulnerability.

Affects Plugins

Plugin icon
arforms
Fixed in 3.5.2

References

CVE
CVE-2018-15818
URL
https://packetstormsecurity.com/files/#149981/
URL
https://codecanyon.net/item/arforms-wordpress-form-builder-plugin/6023165
URL
https://twitter.com/todeveni/status/1056791696447553537

Classification

Type
TRAVERSAL
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
8.2 (high)

Miscellaneous

Original Researcher
Amir Hossein Mahboubi
Submitter
Ryan Dewhurst
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
3955999f-b2fd-445b-97cf-a9ef864b67f2

Timeline

Publicly Published
2018-10-27 (about 7 years ago)
Added
2018-10-29 (about 7 years ago)
Last Updated
2020-08-10 (about 5 years ago)

Other

Published
Title
Published
2022-09-19
Title
Contact Form by WPForms < 1.7.5.5 - Admin+ Arbitrary File Access
Published
2023-03-08
Title
Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard < 2.11.0 - Path Traversal
Published
2026-03-05
Title
Shared Files < 1.7.58 - Contributor+ Arbitrary File Download
Published
2022-11-29
Title
Simple:Press < 6.8.1 - Admin+ Arbitrary File Update
Published
2022-10-28
Title
Ultimate Member < 2.5.1 - Subscriber+ RCE