ARForms Form Builder < 1.6.5 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Option Deletion

Description The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'arfliteremovepreviewdata' function in all versions up to, and including, 1.6.4. This makes it...

CVE-2024-32702

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...

CVE-2024-32702

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Repute info systems ARForms allows Reflected XSS.This issue affects ARForms: from n/a through 6.4...

CVE-2024-32702

CVE-2024-32702 is a Reflected XSS in ARForms (WordPress). Affected ARForms versions are up to and including 6.4; patched in 6.4. Exploitation details are not provided in the sources; the vulnerability arises from improper input neutralization during web page generation. Remediation per sources: u...

CVE-2024-32702 WordPress ARForms plugin <= 6.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...

CVE-2024-32702 WordPress ARForms plugin <= 6.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...

CVE-2024-32706

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...

CVE-2024-32706

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Repute info systems ARForms.This issue affects ARForms: from n/a through 6.4...

CVE-2024-32706

CVE-2024-32706 (ARForms): WordPress ARForms Form Builder plugin is affected by an authenticated SQL Injection vulnerability (Subscriber+ access) in ARForms versions up to 6.4. The issue is documented as an SQL Injection in ARForms Form Builder, with Patch Status: Patched in the linked vulnerabili...

CVE-2024-32706 WordPress ARForms plugin <= 6.4 - Subscriber+ SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...

CVE-2024-32706 WordPress ARForms plugin <= 6.4 - Subscriber+ SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...

WordPress plugin ARForms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

PT-2024-24789

Name of the Vulnerable Software and Affected Versions ARForms versions n/a through 6.4 Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS attacks. Recommendations For versions n/a throu...

PT-2024-24793

Name of the Vulnerable Software and Affected Versions Repute info systems ARForms versions n/a through 6.4 Description The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by...

WordPress plugin ARForms SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

WordPress ARForms plugin <= 6.4 - Subscriber+ SQL Injection vulnerability

Subscriber+ SQL Injection vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4...

WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary Plugin Activation/Deactivation Vulnerability

Subscriber+ Arbitrary Plugin Activation/Deactivation Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4...

WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary WordPress Options Removal vulnerability

Subscriber+ Arbitrary WordPress Options Removal vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4...

WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary File Deletion vulnerability

Subscriber+ Arbitrary File Deletion vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4...

WordPress ARForms plugin <= 6.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4...