CVE-2024-1945

CVE-2024-1945 affects ARForms Form Builder (WordPress). vulnerability: missing capability check in arflite_remove_preview_data allows authenticated users with subscriber+ to delete arbitrary site options, causing availability loss in all versions up to 1.6.4. No remediation details provided in th...

WordPress plugin ARForms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

WordPress ARForms plugin <= 6.4 - Subscriber+ SQL Injection vulnerability

Subscriber+ SQL Injection vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4...

WordPress ARForms Plugin <= 6.4 is vulnerable to Arbitrary File Deletion

Software ARForms Type Plugin Vulnerable versions = 6.4 Fixed in 6.4.1 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-32703 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 3d075249b9fb Credits Dave Jong Patchstack Required...

CVE-2022-45838 WordPress ARForms Form Builder Plugin <= 1.5.5 is vulnerable to Cross Site Scripting (XSS)

Unauth. Stored Cross-Site Scripting XSS vulnerability in Repute InfoSystems ARForms Form Builder plugin = 1.5.5 versions...

WordPress Arforms Plugin Input Validation Error Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.ARforms is a responsive form builder plugin used in it. An input validation error vulnerability exists in the 'arfdeletefile' function ...

CVE-2019-16902

In the ARforms plugin 3.7.1 for WordPress, arfdeletefile in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname...

Arbitrary file deletion

In the ARforms plugin 3.7.1 for WordPress, arfdeletefile in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname...

WordPress Arforms 3.5.1 Arbitrary File Delete Exploit

Exploit for php platform in category web applications Exploit Title: WordPress Plugin Arforms 3.5.1 - Delete arbitrary file Google Dork: /plugins/arforms/ Exploit Author: Amir Hossein Mahboubi Twitter: @Mahboubi66 Vendor Homepage: https://www.arformsplugin.com/ Version: =3.5.1 Tested on: Linux &...

WordPress Arforms 3.5.1 Arbitrary File Delete

Exploit Title: WordPress Plugin Arforms 3.5.1 - Delete arbitrary file Google Dork: /plugins/arforms/ Date: 2018-10-17 Exploit Author: Amir Hossein Mahboubi Twitter: @Mahboubi66 Vendor Homepage: https://www.arformsplugin.com/ Version: =3.5.1 Tested on: Linux & Windows CVE : CVE-2018-15818...