34 matches found
PT-2024-31920
Name of the Vulnerable Software and Affected Versions ARForms - Premium WordPress Form Builder Plugin versions prior to 6.6 Description The issue allows unauthenticated users to modify uploaded files, enabling the upload of PHP code when an upload file input is included on a form. Recommendations...
VulnCheck KEV: CVE-2024-4620
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form...
WordPress ARForms Plugin < 6.6 is vulnerable to Cross Site Scripting (XSS)
Software ARForms Type Plugin Vulnerable versions 6.6 Fixed in 6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4621 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 54c970f6100c Credits Bob Matyas Required privilege...
PT-2024-31921 · WordPress · Arforms
Name of the Vulnerable Software and Affected Versions: ARForms - Premium WordPress Form Builder Plugin version prior to 6.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly...
CVE-2024-1945
CVE-2024-1945 affects ARForms Form Builder (WordPress). vulnerability: missing capability check in arflite_remove_preview_data allows authenticated users with subscriber+ to delete arbitrary site options, causing availability loss in all versions up to 1.6.4. No remediation details provided in th...
WordPress plugin ARForms 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
WordPress ARForms plugin <= 6.4 - Subscriber+ SQL Injection vulnerability
Subscriber+ SQL Injection vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4...
WordPress ARForms Plugin <= 6.4 is vulnerable to Arbitrary File Deletion
Software ARForms Type Plugin Vulnerable versions = 6.4 Fixed in 6.4.1 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-32703 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 3d075249b9fb Credits Dave Jong Patchstack Required...
CVE-2022-45838 WordPress ARForms Form Builder Plugin <= 1.5.5 is vulnerable to Cross Site Scripting (XSS)
Unauth. Stored Cross-Site Scripting XSS vulnerability in Repute InfoSystems ARForms Form Builder plugin = 1.5.5 versions...
WordPress Arforms Plugin Input Validation Error Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.ARforms is a responsive form builder plugin used in it. An input validation error vulnerability exists in the 'arfdeletefile' function ...
CVE-2019-16902
In the ARforms plugin 3.7.1 for WordPress, arfdeletefile in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname...
Arbitrary file deletion
In the ARforms plugin 3.7.1 for WordPress, arfdeletefile in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname...
WordPress Arforms 3.5.1 Arbitrary File Delete Exploit
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Arforms 3.5.1 - Delete arbitrary file Google Dork: /plugins/arforms/ Exploit Author: Amir Hossein Mahboubi Twitter: @Mahboubi66 Vendor Homepage: https://www.arformsplugin.com/ Version: =3.5.1 Tested on: Linux &...
WordPress Arforms 3.5.1 Arbitrary File Delete
Exploit Title: WordPress Plugin Arforms 3.5.1 - Delete arbitrary file Google Dork: /plugins/arforms/ Date: 2018-10-17 Exploit Author: Amir Hossein Mahboubi Twitter: @Mahboubi66 Vendor Homepage: https://www.arformsplugin.com/ Version: =3.5.1 Tested on: Linux & Windows CVE : CVE-2018-15818...