Lucene search
K

231 matches found

Vulnrichment
Vulnrichment
added 2024/05/02 4:51 p.m.8 views

CVE-2024-1945 ARForms Form Builder <= 1.6.4 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Option Deletion

The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'arfliteremovepreviewdata' function in all versions up to, and including, 1.6.4. This makes it possible for...

7.1CVSS6AI score0.00428EPSS
Exploits0References2
CVE
CVE
added 2024/05/02 4:51 p.m.54 views

CVE-2024-1945

CVE-2024-1945 affects ARForms Form Builder (WordPress). vulnerability: missing capability check in arflite_remove_preview_data allows authenticated users with subscriber+ to delete arbitrary site options, causing availability loss in all versions up to 1.6.4. No remediation details provided in th...

7.1CVSS6.3AI score0.00428EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/02 12:0 a.m.5 views

WordPress plugin ARForms Form Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

7.1CVSS6.2AI score0.00428EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.5 views

PT-2024-18440 · WordPress · Arforms Form Builder

Name of the Vulnerable Software and Affected Versions: ARForms Form Builder plugin for WordPress versions up to, and including, 1.6.4 Description: The issue is related to a missing capability check on the arflite remove preview data function, allowing authenticated attackers with subscriber acces...

7.1CVSS6.6AI score0.00428EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2024/04/30 12:0 a.m.14 views

ARforms < 6.4.1 - Reflected Cross-Site Scripting

Description The ARforms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 6.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.1CVSS6.5AI score0.00357EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/30 12:0 a.m.11 views

ARforms < 6.4.1 - Authenticated (Subscriber+) SQL Injection

Description The ARforms plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.5CVSS7.5AI score0.00565EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/30 12:0 a.m.15 views

ARForms < 6.4.1 - Missing Authorization to Arbitrary Option Deletion

Description The ARforms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrar...

7.1CVSS6.8AI score0.00335EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/30 12:0 a.m.17 views

ARForms < 6.4.1 - Missing Authorization to Arbitrary File Deletion

Description The ARforms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrar...

8.1CVSS6.8AI score0.00577EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/26 12:20 a.m.4 views

WordPress ARForms Form Builder plugin <= 1.6.4 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Option Deletion vulnerability

Missing Authorization to AuthenticatedSubscriber+ Arbitrary Option Deletion vulnerability discovered by Lucio Sá in WordPress Plugin ARForms Form Builder versions = 1.6.4...

7.1CVSS7AI score0.00428EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/26 12:0 a.m.9 views

WordPress ARForms Form Builder Plugin <= 1.6.4 is vulnerable to Broken Access Control

Software ARForms Form Builder Type Plugin Vulnerable versions = 1.6.4 Fixed in 1.6.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1945 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ea61cb9b5b99 Credits Lucio Sá Required...

7.1CVSS6.5AI score0.00428EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/25 12:0 a.m.14 views

ARForms Form Builder < 1.6.5 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Option Deletion

Description The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'arfliteremovepreviewdata' function in all versions up to, and including, 1.6.4. This makes it...

7.1CVSS6.7AI score0.00428EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/04/24 11:15 a.m.3 views

CVE-2024-32702

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Repute info systems ARForms allows Reflected XSS.This issue affects ARForms: from n/a through 6.4...

6.1CVSS5.8AI score0.00357EPSS
Exploits0References1
NVD
NVD
added 2024/04/24 11:15 a.m.31 views

CVE-2024-32702

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...

7.1CVSS6.9AI score0.00357EPSS
Exploits0References2
CVE
CVE
added 2024/04/24 10:13 a.m.68 views

CVE-2024-32702

CVE-2024-32702 is a Reflected XSS in ARForms (WordPress). Affected ARForms versions are up to and including 6.4; patched in 6.4. Exploitation details are not provided in the sources; the vulnerability arises from improper input neutralization during web page generation. Remediation per sources: u...

7.1CVSS5.9AI score0.00357EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/24 10:13 a.m.18 views

CVE-2024-32702 WordPress ARForms plugin <= 6.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...

7.1CVSS5.2AI score0.00357EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/24 10:13 a.m.38 views

CVE-2024-32702 WordPress ARForms plugin <= 6.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...

7.1CVSS7.1AI score0.00357EPSS
Exploits0References1
OSV
OSV
added 2024/04/24 9:15 a.m.6 views

CVE-2024-32706

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Repute info systems ARForms.This issue affects ARForms: from n/a through 6.4...

8.8CVSS5.8AI score0.00565EPSS
Exploits0References1
NVD
NVD
added 2024/04/24 9:15 a.m.21 views

CVE-2024-32706

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...

8.8CVSS8.9AI score0.00565EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/24 8:12 a.m.16 views

CVE-2024-32706 WordPress ARForms plugin <= 6.4 - Subscriber+ SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...

8.5CVSS5.5AI score0.00565EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/24 8:12 a.m.30 views

CVE-2024-32706 WordPress ARForms plugin <= 6.4 - Subscriber+ SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...

8.5CVSS9AI score0.00565EPSS
Exploits0References1
Rows per page
Query Builder