231 matches found
CVE-2024-32706
CVE-2024-32706 (ARForms): WordPress ARForms Form Builder plugin is affected by an authenticated SQL Injection vulnerability (Subscriber+ access) in ARForms versions up to 6.4. The issue is documented as an SQL Injection in ARForms Form Builder, with Patch Status: Patched in the linked vulnerabili...
PT-2024-24789
Name of the Vulnerable Software and Affected Versions ARForms versions n/a through 6.4 Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS attacks. Recommendations For versions n/a throu...
WordPress plugin ARForms 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
PT-2024-24793
Name of the Vulnerable Software and Affected Versions Repute info systems ARForms versions n/a through 6.4 Description The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by...
WordPress plugin ARForms SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...
WordPress ARForms plugin <= 6.4 - Subscriber+ SQL Injection vulnerability
Subscriber+ SQL Injection vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4...
WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary Plugin Activation/Deactivation Vulnerability
Subscriber+ Arbitrary Plugin Activation/Deactivation Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4...
WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary WordPress Options Removal vulnerability
Subscriber+ Arbitrary WordPress Options Removal vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4...
WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary File Deletion vulnerability
Subscriber+ Arbitrary File Deletion vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4...
WordPress ARForms plugin <= 6.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4...
WordPress ARForms Plugin <= 6.4 is vulnerable to Settings Change
Software ARForms Type Plugin Vulnerable versions = 6.4 Fixed in 6.4.1 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-32705 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 849f4eb72992 Credits Dave Jong Patchstack Required privilege...
VulnCheck KEV: CVE-2024-32703
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...
VulnCheck KEV: CVE-2024-32702
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Repute info systems ARForms allows Reflected XSS.This issue affects ARForms: from n/a through 6.4...
VulnCheck KEV: CVE-2024-32704
Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...
VulnCheck KEV: CVE-2024-32706
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Repute info systems ARForms.This issue affects ARForms: from n/a through 6.4...
WordPress ARForms Plugin <= 6.4 is vulnerable to Arbitrary File Deletion
Software ARForms Type Plugin Vulnerable versions = 6.4 Fixed in 6.4.1 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-32703 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 3d075249b9fb Credits Dave Jong Patchstack Required...
VulnCheck KEV: CVE-2024-32705
Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...
WordPress ARForms Plugin <= 6.4 is vulnerable to Settings Change
Software ARForms Type Plugin Vulnerable versions = 6.4 Fixed in 6.4.1 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-32704 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bcff8bbe359f Credits Dave Jong Patchstack Required privilege...
WordPress ARForms Plugin <= 6.4 is vulnerable to Cross Site Scripting (XSS)
Software ARForms Type Plugin Vulnerable versions = 6.4 Fixed in 6.4.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32702 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2ac8f7cc23af Credits Dave Jong Patchstack Required privilege...
WordPress ARForms Plugin <= 6.4 is vulnerable to SQL Injection
Software ARForms Type Plugin Vulnerable versions = 6.4 Fixed in 6.4.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32706 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID e8475500673b Credits Dave Jong Patchstack Required privilege Subscriber...