WordPress ARForms Form Builder Plugin <= 1.6.1 is vulnerable to Broken Access Control

Software ARForms Form Builder Type Plugin Vulnerable versions = 1.6.1 Fixed in 1.6.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31270 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID 4ca59fc15641 Credits Yudistira Arya Require...

WordPress ARForms Form Builder Plugin <= 1.6.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software ARForms Form Builder Type Plugin Vulnerable versions = 1.6.1 Fixed in 1.6.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31272 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 5543120d9779 Credits Yudistira Arya...

CVE-2023-6828

The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ arfhttpreferrerurl’ parameter in all versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping. This...

Cross site scripting

The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ arfhttpreferrerurl’ parameter in all versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping. This...

CVE-2023-6828 ARForms <= 1.5.8 - Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url

The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ arfhttpreferrerurl’ parameter in all versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping. This...

CVE-2023-6828 ARForms <= 1.5.8 - Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url

The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ arfhttpreferrerurl’ parameter in all versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping. This...

CVE-2023-6828

CVE-2023-6828 concerns the ARForms Form Builder WordPress plugin. The WordPress ARForms plugin is vulnerable to Stored Cross-Site Scripting via the arf_http_referrer_url parameter in all versions up to and including 1.5.8, due to insufficient input sanitization and output escaping. The vulnerabil...

ARForms < 1.5.9 - Unauthenticated Stored XSS

Description The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ arfhttpreferrerurl’ parameter in all versions up to, and including, 1.5.8 due to insufficient input sanitization and output...

CVE-2022-45838

Unauth. Stored Cross-Site Scripting XSS vulnerability in Repute InfoSystems ARForms Form Builder plugin = 1.5.5 versions...

CVE-2022-45838

Unauth. Stored Cross-Site Scripting XSS vulnerability in Repute InfoSystems ARForms Form Builder plugin = 1.5.5 versions...

Cross site scripting

Unauth. Stored Cross-Site Scripting XSS vulnerability in Repute InfoSystems ARForms Form Builder plugin = 1.5.5 versions...

CVE-2022-45838

The CVE refers to an unauthenticated stored cross-site scripting (XSS) vulnerability in the Repute InfoSystems ARForms Form Builder plugin for WordPress, versioned at or below 1.5.5 (with some sources citing &lt;= 1.5.5 and patches mentioning &lt;= 1.5.4). Root cause is an XSS flaw that can be ex...

CVE-2022-45838 WordPress ARForms Form Builder Plugin <= 1.5.5 is vulnerable to Cross Site Scripting (XSS)

Unauth. Stored Cross-Site Scripting XSS vulnerability in Repute InfoSystems ARForms Form Builder plugin = 1.5.5 versions...

WordPress plugin ARForms Form Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2023-14778 · Repute Infosystems · Arforms Form Builder

Name of the Vulnerable Software and Affected Versions: Repute InfoSystems ARForms Form Builder plugin versions 1.5.5 and earlier Description: The issue is related to an Unauth. Stored Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into the...

WordPress ARForms Form Builder plugin <= 1.5.4 - Unauth. Stored Cross-Site Scripting (XSS) vulnerability

Unauth. Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in the WordPress ARForms Form Builder plugin versions = 1.5.4. Solution No reply from the vendor...

CVE-2021-24718 ARForms Form Builder < 1.5 - Admin+ Stored Cross Site Scripting

The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

ARForms Form Builder < 1.5 - Admin+ Stored Cross Site Scripting

The plugin does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the From/Replyto Name field at ARForms Lite General Settings Email Settings: "alert/X...

WordPress ARForms Form Builder plugin <= 1.4 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Dhananjaygarg in WordPress ARForms Form Builder plugin versions = 1.4. Solution Update the WordPress ARForms Form Builder plugin to the latest available version at least 1.5...

ARForms Form Builder < 1.5 - Admin+ Stored Cross Site Scripting

The plugin does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the From/Replyto Name field at ARForms Lite General Settings Email Settings: "...