230 matches found
CVE-2018-15818
An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php...
CVE-2024-10504 ARForms Builder < 1.7.1 - Unauthenticated Stored XSS
The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks...
CVE-2024-10504 ARForms Builder < 1.7.1 - Unauthenticated Stored XSS
The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks...
CVE-2024-32703
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...
CVE-2024-32705
Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...
CVE-2024-32702
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...
CVE-2024-32706
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...
CVE-2024-32704
Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...
CVE-2024-1945
The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'arfliteremovepreviewdata' function in all versions up to, and including, 1.6.4. This makes it possible for...
CVE-2024-54216
Path Traversal: '.../...//' vulnerability in reputeinfosystems ARForms arforms allows Path Traversal.This issue affects ARForms: from n/a through = 6.4.1...
CVE-2024-37920
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Repute InfoSystems ARForms Form Builder allows Reflected XSS.This issue affects ARForms Form Builder: from n/a through 1.6.7...
CVE-2024-31270
Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1...
CVE-2024-54223
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in reputeinfosystems ARForms Form Builder arforms-form-builder allows Code Injection.This issue affects ARForms Form Builder: from n/a through = 1.7.1...
CVE-2024-54223
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Contact Form - Repute InfoSystems ARForms Form Builder allows Code Injection.This issue affects ARForms Form Builder: from n/a through 1.7.1...
CVE-2024-54217
Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4.1...
CVE-2024-54217
Missing Authorization vulnerability in Repute info systems ARForms.This issue affects ARForms: from n/a through 6.4.1...
CVE-2024-54217 WordPress ARForms plugin <= 6.4.1 - Subscriber+ Plugin Settings Change vulnerability
Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4.1...
CVE-2024-54217
CVE-2024-54217 describes a Missing Authorization vulnerability in the WordPress plugin ARForms by Repute Info Systems, affecting ARForms versions from n/a up to and including 6.4.1. The connected sources confirm the issue is related to unauthorized changes to the plugin settings (“Plugin Settings...
CVE-2024-54223 WordPress ARForms plugin <= 1.7.1 - HTML Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in reputeinfosystems ARForms Form Builder arforms-form-builder allows Code Injection.This issue affects ARForms Form Builder: from n/a through = 1.7.1...
CVE-2024-54223
CVE-2024-54223 is a documented HTML/Script-injection vulnerability in the ARForms Form Builder for WordPress (Contact Form - Repute InfoSystems). The issue is described as an improper neutralization of script-related HTML tags in a web page, resulting in a Basic XSS and potential code injection. ...