Arforms Security Vulnerabilities

CVE-2024-31270

Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through...

CVE-2024-1945

The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'arflite_remove_preview_data' function in all versions up to, and including, 1.6.4. This makes it possible for.....

CVE-2024-32702

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute info systems ARForms allows Reflected XSS.This issue affects ARForms: from n/a through...

CVE-2024-32706

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute info systems ARForms.This issue affects ARForms: from n/a through...

CVE-2024-31272

Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through...

CVE-2023-6828

The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ arf_http_referrer_url’ parameter in all versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping....

CVE-2022-45838

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARForms Form Builder plugin <= 1.5.5...

CVE-2021-24718

The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is...

CVE-2019-16902

In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full...