Vulnerability in Arforms - Premium Wordpress Form Builder Plugin

CVE-2024-4620

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form.

EPSS: 0.724 (98.8th percentile)

Affected products

  • Unknown Arforms - Premium Wordpress Form Builder Plugin — versions 0

Frequently asked questions

What is CVE-2024-4620?
CVE-2024-4620 is a vulnerability in Arforms - Premium Wordpress Form Builder Plugin, classified under CWE-94: Improper Control of Generation of Code ('Code Injection'). Published 2024-06-07.

Is CVE-2024-4620 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.