Lucene search
K

230 matches found

CNNVD
CNNVD
added 2024/06/07 12:0 a.m.6 views

WordPress plugin ARForms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.8CVSS6.8AI score0.03345EPSS
Exploits2References2
CNNVD
CNNVD
added 2024/06/07 12:0 a.m.6 views

WordPress plugin ARForms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

4.8CVSS6AI score0.00351EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2024/06/07 12:0 a.m.9 views

PT-2024-31921 · WordPress · Arforms

Name of the Vulnerable Software and Affected Versions: ARForms - Premium WordPress Form Builder Plugin version prior to 6.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly...

4.8CVSS5.3AI score0.00351EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2024/06/07 12:0 a.m.8 views

PT-2024-31920

Name of the Vulnerable Software and Affected Versions ARForms - Premium WordPress Form Builder Plugin versions prior to 6.6 Description The issue allows unauthenticated users to modify uploaded files, enabling the upload of PHP code when an upload file input is included on a form. Recommendations...

9.8CVSS5.5AI score0.03345EPSS
Exploits2References7
VulnCheck KEV
VulnCheck KEV
added 2024/06/07 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-4620

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form...

9.8CVSS5.8AI score0.03345EPSS
Exploits2References1
Patchstack
Patchstack
added 2024/06/07 12:0 a.m.12 views

WordPress ARForms Plugin < 6.6 is vulnerable to Cross Site Scripting (XSS)

Software ARForms Type Plugin Vulnerable versions 6.6 Fixed in 6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4621 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 54c970f6100c Credits Bob Matyas Required privilege...

4.8CVSS5.7AI score0.00351EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2024/05/22 12:0 a.m.133 views

Arforms < 6.4.1 - Reflected XSS

Description The plugin does not properly escape user-controlled input when it is reflected in some of its AJAX actions. https://www.example.com/wp-admin/admin-ajax.php?action=currentmodal&positionmodal=alertdocument.domain...

6.7AI score0.00358EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/05/22 12:0 a.m.14 views

Arforms < 6.4.1 - Reflected XSS

Description The plugin does not properly escape user-controlled input when it is reflected in some of its AJAX actions. PoC https://www.example.com/wp-admin/admin-ajax.php?action=currentmodalmodal=...

6.5AI score0.00358EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/17 12:0 a.m.19 views

ArForms < 6.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Add or edit an existing form an...

7.8AI score0.00351EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/17 12:0 a.m.16 views

ArForms < 6.6 - Unauthenticated RCE

Description The plugin allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form PoC 1. Create a form with an upload input 2. As an unauthenticated user, upload an image file and intercept the request. 3...

9.5AI score0.03345EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2024/05/17 12:0 a.m.169 views

ArForms < 6.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add or edit an existing form and in...

7.9AI score0.00351EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/17 12:0 a.m.191 views

ArForms < 6.6 - Unauthenticated RCE

Description The plugin allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form 1. Create a form with an upload input 2. As an unauthenticated user, upload an image file and intercept the request. 3. Modify i...

9.6AI score0.03345EPSS
Exploits2
NVD
NVD
added 2024/05/08 2:15 p.m.18 views

CVE-2024-31270

Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1...

8CVSS7.5AI score0.00361EPSS
Exploits0References1
OSV
OSV
added 2024/05/08 2:15 p.m.5 views

CVE-2024-31270

Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1...

8CVSS7.3AI score0.00361EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/08 1:25 p.m.22 views

CVE-2024-31270 WordPress ARForms Form Builder plugin <= 1.6.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1...

7.6CVSS7.7AI score0.00361EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/08 1:25 p.m.16 views

CVE-2024-31270 WordPress ARForms Form Builder plugin <= 1.6.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1...

7.6CVSS6.9AI score0.00361EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/08 12:0 a.m.3 views

WordPress plugin ARForms Form Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.6CVSS8.4AI score0.00361EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/08 12:0 a.m.4 views

PT-2024-23915 · Unknown · Arforms Form Builder

Name of the Vulnerable Software and Affected Versions: ARForms Form Builder versions 1.6.1 and earlier Description: The issue is related to a missing authorization vulnerability in ARForms Form Builder. This vulnerability may allow unauthorized access to sensitive data. Recommendations: Update to...

7.6CVSS9.3AI score0.00361EPSS
Exploits0References7
NVD
NVD
added 2024/05/02 5:15 p.m.24 views

CVE-2024-1945

The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'arfliteremovepreviewdata' function in all versions up to, and including, 1.6.4. This makes it possible for...

7.1CVSS6.6AI score0.00428EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/02 4:51 p.m.8 views

CVE-2024-1945 ARForms Form Builder <= 1.6.4 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Option Deletion

The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'arfliteremovepreviewdata' function in all versions up to, and including, 1.6.4. This makes it possible for...

7.1CVSS6AI score0.00428EPSS
Exploits0References2
Rows per page
Query Builder