CVE-2024-1945: 
WordPress vulnerability analysis and mitigation

The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress (versions up to 1.6.4) contains a vulnerability identified as CVE-2024-1945. The vulnerability was discovered and reported by Wordfence, with a CVSS v3.1 base score of 7.1 (High). This security issue stems from a missing capability check on the 'arfliteremovepreview_data' function, which was disclosed on May 2, 2024 (Wordfence).

The vulnerability is characterized by a missing capability check on the 'arfliteremovepreview_data' function. The issue has been assigned a CVSS v3.1 base score of 7.1 (High) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs low privileges, and doesn't require user interaction (NVD).

The vulnerability allows authenticated attackers with subscriber-level access or higher to delete arbitrary site options, which can result in loss of availability. The impact primarily affects the system's availability, with some impact on integrity, while confidentiality remains unaffected (Wordfence).

Users should update their ARForms Form Builder plugin to a version newer than 1.6.4 to address this vulnerability. The vulnerability affects all versions up to and including 1.6.4 (NVD).