8 matches found
WordPress ARForms plugin <= 1.5.8 - Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url vulnerability
Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url vulnerability discovered by drop in WordPress Plugin ARForms Form Builder versions <= 1.5.8...
CVE-2024-54223
CVE-2024-54223 is a documented HTML/Script-injection vulnerability in the ARForms Form Builder for WordPress (Contact Form - Repute InfoSystems). The issue is described as an improper neutralization of script-related HTML tags in a web page, resulting in a Basic XSS and potential code injection. ...
WordPress ARForms Plugin < 6.6 is vulnerable to Cross Site Scripting (XSS)
Software: ARForms | Type: Plugin | Vulnerable versions: < 6.6 | Fixed in: 6.6 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-4621 | Patch priority: Low | CVSS severity: Low (5.9) | PSID: 54c970f6100c | Credits: Bob Matyas | Required privilege...
WordPress ARForms Plugin < 6.6 is vulnerable to Remote Code Execution (RCE)
Software: ARForms | Type: Plugin | Vulnerable versions: < 6.6 | Fixed in: 6.6 | OWASP Top 10: A1: Injection | Classification: Remote Code Execution (RCE) | CVE: CVE-2024-4620 | Patch priority: High | CVSS severity: High (10) | PSID: eba026d169e8 | Credits: mgthuramoemyint | Required privilege: Unauthenticated...
WordPress ARForms Plugin <= 6.4 is vulnerable to Cross Site Scripting (XSS)
Software: ARForms | Type: Plugin | Vulnerable versions: <= 6.4 | Fixed in: 6.4.1 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-32702 | Patch priority: Medium | CVSS severity: Medium (7.1) | PSID: 2ac8f7cc23af | Credits: Dave Jong Patchstack | Required privilege...
WordPress ARForms Plugin <= 6.4 is vulnerable to Settings Change
Software: ARForms | Type: Plugin | Vulnerable versions: <= 6.4 | Fixed in: 6.4.1 | OWASP Top 10: A1: Broken Access Control | Classification: Settings Change | CVE: CVE-2024-32705 | Patch priority: Medium | CVSS severity: Medium (7.1) | PSID: 849f4eb72992 | Credits: Dave Jong Patchstack | Required privilege...
WordPress ARForms Plugin <= 6.4 is vulnerable to Arbitrary File Deletion
Software: ARForms | Type: Plugin | Vulnerable versions: <= 6.4 | Fixed in: 6.4.1 | OWASP Top 10: A1: Broken Access Control | Classification: Arbitrary File Deletion | CVE: CVE-2024-32703 | Patch priority: High | CVSS severity: High (7.7) | PSID: 3d075249b9fb | Credits: Dave Jong Patchstack | Required...
WordPress Arforms 3.5.1 Arbitrary File Deletion Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it lets users set up a personal blog site on servers that support PHP and MySQL. Arforms is a form builder plugin used with it. A security vulnerability exists in WordPress Arforms...