230 matches found
CVE-2024-32705 WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary Plugin Activation/Deactivation Vulnerability
Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...
CVE-2024-32705 WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary Plugin Activation/Deactivation Vulnerability
Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...
CVE-2024-32705
Technical details about CVE-2024-32705 are not provided in the supplied documents. Monitor official advisories and updates from vendors and CVE repositories for new information.
PT-2024-24791 · Repute Infosystems · Arforms
Name of the Vulnerable Software and Affected Versions: reputeinfosystems ARForms versions n/a through 6.4 Description: The issue is related to a Missing Authorization vulnerability in reputeinfosystems ARForms. Recommendations: For versions n/a through 6.4, at the moment, there is no information...
WordPress plugin ARForms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress plugin ARForms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress plugin ARForms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-24790 · Repute Infosystems · Arforms
Name of the Vulnerable Software and Affected Versions: ARForms versions n/a through 6.4 Description: A Missing Authorization issue affects reputeinfosystems ARForms. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents...
WordPress ArForms Premium plugin < 6.6 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin ARForms versions 6.6...
WordPress ArForms Premium plugin < 6.6 - Unauthenticated RCE vulnerability
Unauthenticated RCE vulnerability discovered by mgthuramoemyint in WordPress Plugin ARForms versions 6.6...
CVE-2024-4621
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example ...
CVE-2024-4620
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form...
CVE-2024-4621
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example ...
CVE-2024-4621
CVE-2024-4621 affects ARForms – Premium WordPress Form Builder Plugin prior to version 6.6. The issue is a Stored XSS vulnerability caused by insufficient sanitisation/escaping of certain plugin settings, potentially allowing high-privilege users (e.g., admins) to inject scripts even when unfilte...
CVE-2024-4620 ArForms < 6.6 - Unauthenticated RCE
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form...
CVE-2024-4620 ArForms < 6.6 - Unauthenticated RCE
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form...
CVE-2024-4620
CVE-2024-4620 concerns ARForms – Premium WordPress Form Builder Plugin. The vulnerability affects versions prior to 6.6 and allows unauthenticated users to modify uploaded files in a form so that PHP code can be uploaded, enabling remote code execution on affected WordPress servers. The CVSS v3.1...
CVE-2024-4621 ArForms < 6.6 - Admin+ Stored XSS
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example ...
CVE-2024-4621 ArForms < 6.6 - Admin+ Stored XSS
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example ...
WordPress ARForms Plugin < 6.6 is vulnerable to Remote Code Execution (RCE)
Software ARForms Type Plugin Vulnerable versions 6.6 Fixed in 6.6 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2024-4620 Patch priority High CVSS severity High 10 Developer Claim ownership PSID eba026d169e8 Credits mgthuramoemyint Required privilege Unauthenticated...