EPSS
Percentile
83.5%
“arf_delete_file in arformcontroller.php allows unauthenticated users to delete an arbitrary file by supplying its full pathname” The vendor contacted the WPScan Team stating that the issue had been resolved in version 4.0.
codecanyon.net/item/arforms-wordpress-form-builder-plugin/6023165
packetstormsecurity.com/files/154807/
vulners.com/exploitdb/EDB-ID:47492