Lucene search
K

34 matches found

Positive Technologies
Positive Technologies
added 2024/06/07 12:0 a.m.8 views

PT-2024-31920

Name of the Vulnerable Software and Affected Versions ARForms - Premium WordPress Form Builder Plugin versions prior to 6.6 Description The issue allows unauthenticated users to modify uploaded files, enabling the upload of PHP code when an upload file input is included on a form. Recommendations...

9.8CVSS5.5AI score0.03345EPSS
Exploits2References7
VulnCheck KEV
VulnCheck KEV
added 2024/06/07 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-4620

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form...

9.8CVSS5.8AI score0.03345EPSS
Exploits2References1
Patchstack
Patchstack
added 2024/06/07 12:0 a.m.10 views

WordPress ARForms Plugin < 6.6 is vulnerable to Cross Site Scripting (XSS)

Software ARForms Type Plugin Vulnerable versions 6.6 Fixed in 6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4621 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 54c970f6100c Credits Bob Matyas Required privilege...

4.8CVSS5.7AI score0.00351EPSS
Exploits2References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/06/07 12:0 a.m.7 views

PT-2024-31921 · WordPress · Arforms

Name of the Vulnerable Software and Affected Versions: ARForms - Premium WordPress Form Builder Plugin version prior to 6.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly...

4.8CVSS5.3AI score0.00351EPSS
Exploits2References5
CVE
CVE
added 2024/05/02 4:51 p.m.54 views

CVE-2024-1945

CVE-2024-1945 affects ARForms Form Builder (WordPress). vulnerability: missing capability check in arflite_remove_preview_data allows authenticated users with subscriber+ to delete arbitrary site options, causing availability loss in all versions up to 1.6.4. No remediation details provided in th...

7.1CVSS6.3AI score0.00428EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/24 12:0 a.m.4 views

WordPress plugin ARForms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

7.1CVSS6.2AI score0.00357EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/04/22 10:57 a.m.5 views

WordPress ARForms plugin <= 6.4 - Subscriber+ SQL Injection vulnerability

Subscriber+ SQL Injection vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4...

8.8CVSS8.1AI score0.00565EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/22 12:0 a.m.18 views

WordPress ARForms Plugin <= 6.4 is vulnerable to Arbitrary File Deletion

Software ARForms Type Plugin Vulnerable versions = 6.4 Fixed in 6.4.1 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-32703 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 3d075249b9fb Credits Dave Jong Patchstack Required...

8.1CVSS6.5AI score0.00577EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/04/18 12:11 p.m.37 views

CVE-2022-45838 WordPress ARForms Form Builder Plugin <= 1.5.5 is vulnerable to Cross Site Scripting (XSS)

Unauth. Stored Cross-Site Scripting XSS vulnerability in Repute InfoSystems ARForms Form Builder plugin = 1.5.5 versions...

6.1CVSS5.9AI score0.00406EPSS
Exploits0References1
CNVD
CNVD
added 2019/10/08 12:0 a.m.6 views

WordPress Arforms Plugin Input Validation Error Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.ARforms is a responsive form builder plugin used in it. An input validation error vulnerability exists in the 'arfdeletefile' function ...

7.5CVSS6.8AI score0.09726EPSS
Exploits5References1
OSV
OSV
added 2019/09/27 11:15 a.m.7 views

CVE-2019-16902

In the ARforms plugin 3.7.1 for WordPress, arfdeletefile in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname...

7.5CVSS7.2AI score0.09726EPSS
Exploits5References2
Prion
Prion
added 2019/09/27 11:15 a.m.14 views

Arbitrary file deletion

In the ARforms plugin 3.7.1 for WordPress, arfdeletefile in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname...

6.4CVSS7.6AI score0.09726EPSS
Exploits5References2Affected Software1
0day.today
0day.today
added 2018/10/28 12:0 a.m.118 views

WordPress Arforms 3.5.1 Arbitrary File Delete Exploit

Exploit for php platform in category web applications Exploit Title: WordPress Plugin Arforms 3.5.1 - Delete arbitrary file Google Dork: /plugins/arforms/ Exploit Author: Amir Hossein Mahboubi Twitter: @Mahboubi66 Vendor Homepage: https://www.arformsplugin.com/ Version: =3.5.1 Tested on: Linux &...

0.02049EPSS
Exploits3
Packet Storm
Packet Storm
added 2018/10/27 12:0 a.m.275 views

WordPress Arforms 3.5.1 Arbitrary File Delete

Exploit Title: WordPress Plugin Arforms 3.5.1 - Delete arbitrary file Google Dork: /plugins/arforms/ Date: 2018-10-17 Exploit Author: Amir Hossein Mahboubi Twitter: @Mahboubi66 Vendor Homepage: https://www.arformsplugin.com/ Version: =3.5.1 Tested on: Linux & Windows CVE : CVE-2018-15818...

0.1AI score0.02049EPSS
Exploits3
Rows per page
Query Builder