CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-1945

Medium Severity
SVRS
30/100
CVSSv3
NA/10
EPSS
0.00228/1

CVE-2024-1945 affects the ARForms Form Builder plugin for WordPress, potentially leading to unauthorized data loss. This vulnerability stems from a missing capability check in the 'arflite_remove_preview_data' function. Authenticated attackers, with subscriber access or higher, can exploit this to delete arbitrary site options. The vulnerability impacts versions up to and including 1.6.4. While the CVSS score is 0, the SOCRadar Vulnerability Risk Score (SVRS) is 30, and it's tagged as "In The Wild," suggesting potential exploitation. This could cause a loss of availability for affected WordPress sites. Addressing this security issue is important to prevent unauthorized data manipulation. Organizations using the ARForms plugin should update to a patched version to mitigate the risk.

TAGS
In The Wild
VECTOR STRING
PUBLICATION DATE2024-05-02
LAST MODIFIED2024-05-02

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-1945 | ARForms Form Builder Plugin up to 1.6.4 on WordPress Option authorization
vuldb.com2024-04-25
CVE-2024-1945 | ARForms Form Builder Plugin up to 1.6.4 on WordPress Option authorization | A vulnerability was found in ARForms Form Builder Plugin up to 1.6.4 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Option Handler. The manipulation leads to missing authorization. This vulnerability is known as CVE-2024-1945. The attack can
cve-2024-1945
domains
urls
cves

Social Media

CVE-2024-1945 The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capa… https://t.co/XtCnDpZgpZ
0
0
0
CVE-2024-1945 The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'arflite_re... https://t.co/kvCcnrBSe9
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://plugins.trac.wordpress.org/browser/arforms-form-builder/tags/1.6.3/core/controllers/arfliteformcontroller.php
[email protected]https://www.wordfence.com/threat-intel/vulnerabilities/id/026f8d9b-a66b-4a59-8375-fba587a4eef7?source=cve

CWE Details

No CWE details found for this CVE

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence