> [Suggested description]
> In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php
> allows unauthenticated deletion of an arbitrary file by supplying the full pathname.
>
> ------------------------------------------
>
> [Additional Information]
> The script is used in a variety of websites and it's critical that any attacker could delete files of his choice.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> Delete arbitrary files from the server without any form of authentication or logins
>
> ------------------------------------------
>
> [Vendor of Product]
> Arforms
>
> ------------------------------------------
>
> [Affected Product Code Base]
> arformcontroller.php - 3.7.1
>
> ------------------------------------------
>
> [Affected Component]
> Function Name : arf_delete_file()
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [CVE Impact Other]
> Adding Information in the SESSION Global Variable
>
> ------------------------------------------
>
> [Attack Vectors]
> Sending crafted HTTP requests.
>
> ------------------------------------------
>
> [Discoverer]
> Ahmed Mohamed Almorabea
>
> ------------------------------------------
>
> [Reference]
> https://www.arformsplugin.com/documentation/changelog/

Use CVE-2019-16902.
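The report above names two independent defects in one handler: the delete action is reachable without any authentication, and it accepts a full pathname from the client. The following is an added illustration, not ARforms' code; the action name, capability, option of a per-plugin upload folder and the `file` request parameter are all assumptions. It shows how a WordPress AJAX delete action is normally written so that both defects are closed: the action is registered only on the authenticated `wp_ajax_*` hook, the request must carry a valid nonce and come from a user with an administrative capability, and the requested name is reduced to a basename and resolved with `realpath()` so it cannot point outside the plugin's own directory.

```php
<?php
// Added example of a hardened WordPress AJAX file-deletion handler.
// Not the plugin's code; action name, capability and directory are assumptions.

// Registering only wp_ajax_* (and not wp_ajax_nopriv_*) means WordPress
// never routes anonymous requests to this handler at all.
add_action( 'wp_ajax_example_delete_upload', 'example_delete_upload' );

/**
 * Resolve a client-supplied file name to an absolute path inside $base_dir.
 * Returns the resolved path of an existing regular file, or false if the
 * name is empty, does not exist, or would resolve anywhere outside $base_dir.
 */
function example_confine_to_dir( $base_dir, $user_name ) {
    $base = realpath( $base_dir );
    if ( false === $base ) {
        return false; // directory missing: nothing to delete
    }

    // Keep only the last path component and strip characters WordPress
    // considers unsafe in file names, so directory traversal is impossible
    // regardless of how the name was encoded.
    $name = sanitize_file_name( wp_basename( $user_name ) );
    if ( '' === $name ) {
        return false;
    }

    // realpath() collapses "..", repeated slashes and symbolic links, so a
    // link planted inside the directory cannot redirect the deletion outside it.
    $target = realpath( $base . DIRECTORY_SEPARATOR . $name );
    if ( false === $target || 0 !== strpos( $target, $base . DIRECTORY_SEPARATOR ) ) {
        return false;
    }

    return is_file( $target ) ? $target : false;
}

function example_delete_upload() {
    // 1. CSRF protection: the nonce must have been issued for this exact action
    //    (wp_create_nonce( 'example_delete_upload' ) on the page that sends it).
    //    check_ajax_referer() terminates the request on failure.
    check_ajax_referer( 'example_delete_upload', 'nonce' );

    // 2. Authorization: being logged in is not enough; deleting server files
    //    is an administrative operation.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 ); // calls wp_die()
    }

    // 3. Path confinement: the client names a file, never a location.
    $uploads  = wp_upload_dir();
    $base_dir = trailingslashit( $uploads['basedir'] ) . 'example-plugin'; // assumed layout
    $request  = isset( $_POST['file'] ) ? wp_unslash( $_POST['file'] ) : '';
    $target   = example_confine_to_dir( $base_dir, $request );

    if ( false === $target ) {
        // Same response for "outside the directory" and "does not exist",
        // so the handler cannot be used to probe the filesystem layout.
        wp_send_json_error( 'file not found', 404 );
    }

    if ( ! unlink( $target ) ) {
        wp_send_json_error( 'could not delete file', 500 );
    }

    wp_send_json_success( array( 'deleted' => wp_basename( $target ) ) );
}
```

When reviewing a plugin for this class of bug, the three checks above are the ones to look for in order: is the handler also bound to a `wp_ajax_nopriv_*` hook, is a nonce and a capability verified before any filesystem call, and does the code ever pass a client-controlled string containing a directory separator to `unlink()`.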