EUVD-2024-55483

The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-13785

The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-13785

The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-13785 Contact Form, Survey, Quiz & Popup Form Builder – ARForms <= 1.7.2 - Unauthenticated Blind Arbitrary Shortcode Execution

The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-13785 Contact Form, Survey, Quiz & Popup Form Builder – ARForms <= 1.7.2 - Unauthenticated Blind Arbitrary Shortcode Execution

The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

WordPress plugin ARForms 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPress...

CVE-2019-16902

In the ARforms plugin 3.7.1 for WordPress, arfdeletefile in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname...

EUVD-2022-48692

Malicious code in bioql PyPI...

CVE-2024-0427

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.4.1 does not properly escape user-controlled input when it is reflected in some of its AJAX actions...

CVE-2022-45838

Unauth. Stored Cross-Site Scripting XSS vulnerability in Repute InfoSystems ARForms Form Builder plugin = 1.5.5 versions...

CVE-2024-54217 WordPress ARForms plugin <= 6.4.1 - Subscriber+ Plugin Settings Change vulnerability

Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4.1...

CVE-2024-54216 WordPress ARForms plugin <= 6.4.1 - Arbitrary File Read vulnerability

Path Traversal: '.../...//' vulnerability in Repute InfoSystems ARForms allows Path Traversal.This issue affects ARForms: from n/a through 6.4.1...

WordPress plugin ARForms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress ARForms plugin <= 6.4.1 - Subscriber+ Arbitrary File Read vulnerability

Subscriber+ Arbitrary File Read vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4.1...

CVE-2024-0427

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.4.1 does not properly escape user-controlled input when it is reflected in some of its AJAX actions...

CVE-2024-4620

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form...

PT-2024-31921 · WordPress · Arforms

Name of the Vulnerable Software and Affected Versions: ARForms - Premium WordPress Form Builder Plugin version prior to 6.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly...

WordPress ARForms Plugin < 6.6 is vulnerable to Cross Site Scripting (XSS)

Software ARForms Type Plugin Vulnerable versions 6.6 Fixed in 6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4621 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 54c970f6100c Credits Bob Matyas Required privilege...

VulnCheck KEV: CVE-2024-4620

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form...

PT-2024-31920 · WordPress · Arforms

Name of the Vulnerable Software and Affected Versions: ARForms - Premium WordPress Form Builder Plugin versions prior to 6.6 Description: The issue allows unauthenticated users to modify uploaded files, enabling the upload of PHP code when an upload file input is included on a form...