{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-13785", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-01-28T20:47:46.970Z", "datePublished": "2026-03-21T03:26:54.127Z", "dateUpdated": "2026-04-08T17:05:48.804Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:05:48.804Z"}, "affected": [{"vendor": "reputeinfosystems", "product": "Contact Form, Survey, Quiz & Popup Form Builder \u2013 ARForms", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.7.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The The Contact Form, Survey, Quiz & Popup Form Builder \u2013 ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."}], "title": "Contact Form, Survey, Quiz & Popup Form Builder \u2013 ARForms <= 1.7.2 - Unauthenticated Blind Arbitrary Shortcode Execution", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8b4a47f7-0161-4a57-994f-c48795810ea3?source=cve"}, {"url": "https://wordpress.org/plugins/arforms-form-builder/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "cweId": "CWE-94", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 5.6, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Krzysztof Zaj\u0105c"}], "timeline": [{"time": "2026-03-20T15:21:14.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T17:03:51.225431Z", "id": "CVE-2024-13785", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T17:04:09.684Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-13785", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T17:03:51.225431Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T17:04:06.003Z"}}], "cna": {"title": "Contact Form, Survey, Quiz & Popup Form Builder \u2013 ARForms <= 1.7.2 - Unauthenticated Blind Arbitrary Shortcode Execution", "credits": [{"lang": "en", "type": "finder", "value": "Krzysztof Zaj\u0105c"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}}], "affected": [{"vendor": "reputeinfosystems", "product": "Contact Form, Survey, Quiz & Popup Form Builder \u2013 ARForms", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.7.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-03-20T15:21:14.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8b4a47f7-0161-4a57-994f-c48795810ea3?source=cve"}, {"url": "https://wordpress.org/plugins/arforms-form-builder/"}], "descriptions": [{"lang": "en", "value": "The The Contact Form, Survey, Quiz & Popup Form Builder \u2013 ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-03-21T03:26:54.127Z"}}}, "cveMetadata": {"cveId": "CVE-2024-13785", "state": "PUBLISHED", "dateUpdated": "2026-03-23T17:04:09.684Z", "dateReserved": "2025-01-28T20:47:46.970Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-03-21T03:26:54.127Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The The Contact Form, Survey, Quiz & Popup Form Builder \u2013 ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."}, {"lang": "es", "value": "El plugin The Contact Form, Survey, Quiz &amp; Popup Form Builder \u2013 ARForms para WordPress es vulnerable a la ejecuci\u00f3n arbitraria de shortcodes en todas las versiones hasta la 1.7.2, inclusive. Esto se debe a que el software permite a los usuarios ejecutar una acci\u00f3n que no valida correctamente un valor antes de ejecutar do_shortcode. Esto hace posible que atacantes no autenticados ejecuten shortcodes arbitrarios."}], "id": "CVE-2024-13785", "lastModified": "2026-04-22T21:32:08.360", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-03-21T04:16:47.620", "references": [{"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/arforms-form-builder/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8b4a47f7-0161-4a57-994f-c48795810ea3?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.7.2]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Contact Form, Survey, Quiz & Popup Form Builder \u2013 ARForms", "source": "cna", "vendor": "reputeinfosystems"}, "product": "contact_form,_survey,_quiz_&_popup_form_builder_\u2013_arforms", "vendor": "reputeinfosystems"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-21T06:22:54.437381+00:00", "value": {"mitigation_remediation": ["Update the ARForms plugin to the newest version (at least 1.7.3) as soon as possible.", "If an immediate update is not feasible, disable the shortcode processing feature within the plugin or restrict access to the affected form endpoints.", "Monitor server logs for suspicious shortcode usage and review content for unauthorized changes."], "summary": {"action": "Immediate Update", "impact": "Arbitrary shortcode execution enables attackers to run any WordPress shortcode without authentication, potentially leading to code injection or content manipulation,"}, "threat_synthesis": {"affected_systems": "This vulnerability affects all installations of the ARForms Contact Form, Survey, Quiz & Popup Form Builder plugin produced by reputeinfosystems that are running version 1.7.2 or older. The issue is present in all supported WordPress versions where the plugin is active.", "description_and_impact": "The ARForms plugin for WordPress contains a flaw that allows unauthenticated users to pass arbitrary values to the do_shortcode function without proper validation. This weakens the plugin to code injection via WordPress shortcodes, classified as CWE\u201194. An attacker can supply any shortcode, which may include functions that reveal sensitive data, modify the site\u2019s content, or trigger additional malicious actions, thereby compromising the confidentiality, integrity, and availability of the affected website.", "risk_and_exploitability": "The CVSS score of 5.6 indicates a moderate severity. Attackers can exploit the flaw remotely from any position on the internet since no authentication is required. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, but the nature of the flaw\u2014unauthenticated arbitrary shortcode execution\u2014suggests a relatively high likelihood of exploitation for attackers who discover the vulnerable endpoint. Mitigating the risk requires immediate patching or removal of the vulnerable plugin functionality."}}}}, "created": "2026-03-23T09:50:17.866885+00:00", "updated": "2026-03-25T14:41:57.988746+00:00", "vendors": ["reputeinfosystems", "reputeinfosystems$PRODUCT$contact_form,_survey,_quiz_&_popup_form_builder_\u2013_arforms", "wordpress", "wordpress$PRODUCT$wordpress"]}