230 matches found
WordPress plugin ARForms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress plugin ARForms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-31921 · WordPress · Arforms
Name of the Vulnerable Software and Affected Versions: ARForms - Premium WordPress Form Builder Plugin version prior to 6.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly...
PT-2024-31920
Name of the Vulnerable Software and Affected Versions ARForms - Premium WordPress Form Builder Plugin versions prior to 6.6 Description The issue allows unauthenticated users to modify uploaded files, enabling the upload of PHP code when an upload file input is included on a form. Recommendations...
VulnCheck KEV: CVE-2024-4620
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form...
WordPress ARForms Plugin < 6.6 is vulnerable to Cross Site Scripting (XSS)
Software ARForms Type Plugin Vulnerable versions 6.6 Fixed in 6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4621 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 54c970f6100c Credits Bob Matyas Required privilege...
Arforms < 6.4.1 - Reflected XSS
Description The plugin does not properly escape user-controlled input when it is reflected in some of its AJAX actions. https://www.example.com/wp-admin/admin-ajax.php?action=currentmodal&positionmodal=alertdocument.domain...
Arforms < 6.4.1 - Reflected XSS
Description The plugin does not properly escape user-controlled input when it is reflected in some of its AJAX actions. PoC https://www.example.com/wp-admin/admin-ajax.php?action=currentmodalmodal=...
ArForms < 6.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Add or edit an existing form an...
ArForms < 6.6 - Unauthenticated RCE
Description The plugin allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form PoC 1. Create a form with an upload input 2. As an unauthenticated user, upload an image file and intercept the request. 3...
ArForms < 6.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add or edit an existing form and in...
ArForms < 6.6 - Unauthenticated RCE
Description The plugin allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form 1. Create a form with an upload input 2. As an unauthenticated user, upload an image file and intercept the request. 3. Modify i...
CVE-2024-31270
Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1...
CVE-2024-31270
Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1...
CVE-2024-31270 WordPress ARForms Form Builder plugin <= 1.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1...
CVE-2024-31270 WordPress ARForms Form Builder plugin <= 1.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1...
WordPress plugin ARForms Form Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-23915 · Unknown · Arforms Form Builder
Name of the Vulnerable Software and Affected Versions: ARForms Form Builder versions 1.6.1 and earlier Description: The issue is related to a missing authorization vulnerability in ARForms Form Builder. This vulnerability may allow unauthorized access to sensitive data. Recommendations: Update to...
CVE-2024-1945
The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'arfliteremovepreviewdata' function in all versions up to, and including, 1.6.4. This makes it possible for...
CVE-2024-1945 ARForms Form Builder <= 1.6.4 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Option Deletion
The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'arfliteremovepreviewdata' function in all versions up to, and including, 1.6.4. This makes it possible for...