Lucene search
K

231 matches found

CVE
CVE
added 2024/04/24 8:12 a.m.63 views

CVE-2024-32706

CVE-2024-32706 (ARForms): WordPress ARForms Form Builder plugin is affected by an authenticated SQL Injection vulnerability (Subscriber+ access) in ARForms versions up to 6.4. The issue is documented as an SQL Injection in ARForms Form Builder, with Patch Status: Patched in the linked vulnerabili...

8.8CVSS5.9AI score0.00565EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/24 12:0 a.m.4 views

PT-2024-24789

Name of the Vulnerable Software and Affected Versions ARForms versions n/a through 6.4 Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS attacks. Recommendations For versions n/a throu...

7.1CVSS5.8AI score0.00357EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/04/24 12:0 a.m.5 views

WordPress plugin ARForms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

7.1CVSS6.2AI score0.00357EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/24 12:0 a.m.9 views

PT-2024-24793

Name of the Vulnerable Software and Affected Versions Repute info systems ARForms versions n/a through 6.4 Description The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by...

8.8CVSS5.8AI score0.00565EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/04/24 12:0 a.m.4 views

WordPress plugin ARForms SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

8.5CVSS7.9AI score0.00565EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/04/22 10:57 a.m.6 views

WordPress ARForms plugin <= 6.4 - Subscriber+ SQL Injection vulnerability

Subscriber+ SQL Injection vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4...

8.8CVSS8.1AI score0.00565EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/22 10:55 a.m.5 views

WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary Plugin Activation/Deactivation Vulnerability

Subscriber+ Arbitrary Plugin Activation/Deactivation Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4...

8.8CVSS6.9AI score0.00382EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/22 10:53 a.m.7 views

WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary WordPress Options Removal vulnerability

Subscriber+ Arbitrary WordPress Options Removal vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4...

7.1CVSS7AI score0.00335EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/22 10:52 a.m.7 views

WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary File Deletion vulnerability

Subscriber+ Arbitrary File Deletion vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4...

8.1CVSS7AI score0.00577EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/22 10:50 a.m.8 views

WordPress ARForms plugin <= 6.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4...

7.1CVSS6.1AI score0.00357EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/22 12:0 a.m.14 views

WordPress ARForms Plugin <= 6.4 is vulnerable to Settings Change

Software ARForms Type Plugin Vulnerable versions = 6.4 Fixed in 6.4.1 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-32705 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 849f4eb72992 Credits Dave Jong Patchstack Required privilege...

8.8CVSS6.5AI score0.00382EPSS
Exploits0References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2024/04/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-32703

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...

8.1CVSS5.8AI score0.00577EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-32702

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Repute info systems ARForms allows Reflected XSS.This issue affects ARForms: from n/a through 6.4...

7.1CVSS5.8AI score0.00357EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/22 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-32704

Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...

7.1CVSS5.8AI score0.00335EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-32706

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Repute info systems ARForms.This issue affects ARForms: from n/a through 6.4...

8.8CVSS5.9AI score0.00565EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/04/22 12:0 a.m.18 views

WordPress ARForms Plugin <= 6.4 is vulnerable to Arbitrary File Deletion

Software ARForms Type Plugin Vulnerable versions = 6.4 Fixed in 6.4.1 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-32703 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 3d075249b9fb Credits Dave Jong Patchstack Required...

8.1CVSS6.5AI score0.00577EPSS
Exploits0References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2024/04/22 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-32705

Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...

8.8CVSS5.8AI score0.00382EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/04/22 12:0 a.m.19 views

WordPress ARForms Plugin <= 6.4 is vulnerable to Settings Change

Software ARForms Type Plugin Vulnerable versions = 6.4 Fixed in 6.4.1 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-32704 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bcff8bbe359f Credits Dave Jong Patchstack Required privilege...

7.1CVSS6.5AI score0.00335EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/22 12:0 a.m.17 views

WordPress ARForms Plugin <= 6.4 is vulnerable to Cross Site Scripting (XSS)

Software ARForms Type Plugin Vulnerable versions = 6.4 Fixed in 6.4.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32702 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2ac8f7cc23af Credits Dave Jong Patchstack Required privilege...

7.1CVSS6.5AI score0.00357EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/22 12:0 a.m.18 views

WordPress ARForms Plugin <= 6.4 is vulnerable to SQL Injection

Software ARForms Type Plugin Vulnerable versions = 6.4 Fixed in 6.4.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32706 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID e8475500673b Credits Dave Jong Patchstack Required privilege Subscriber...

8.5CVSS6.8AI score0.00565EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder