Primary

Context

Contact Form, Survey, Quiz & Popup Form Builder – ARForms WordPress Plugin Unauthenticated Arbitrary Shortcode Execution Vulnerability

Vulnerability

A vulnerability exists in the Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress, allowing for arbitrary shortcode execution. This issue affects all versions of the plugin up to and including 1.7.2. The vulnerability arises because the plugin does not properly validate user input before executing shortcodes, enabling unauthenticated attackers to execute arbitrary shortcodes on the site.

Impact

Exploitation of this vulnerability allows for unauthenticated blind arbitrary shortcode execution, which could be used to execute malicious code or actions on behalf of the user.

Remediation

No known patch is available for this vulnerability. Users are advised to review the vulnerability details and consider uninstalling the affected plugin.

Added: Mar 21, 2026, 4:56 AM

Updated: Mar 21, 2026, 4:56 AM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

1.3

exploitability

7.6

remediation

0.0

relevance

4.2

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

1.3

exploitability

7.6

remediation

0.0

relevance

4.2

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Contact Form, Survey, Quiz & Popup Form Builder – ARForms WordPress Plugin Unauthenticated Arbitrary Shortcode Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Repute Info Systems Contact Form, Survey, Quiz & Popup Form Builder

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating