Lucene search
K
ReputeinfosystemsArforms

12 matches found

CVE
CVE
added 2019/09/27 10:56 a.m.110 views

CVE-2019-16902

CVE-2019-16902 – ARforms WordPress plugin : The ARforms plugin 3.7.1 is vulnerable due to arf_delete_file in arformcontroller.php, which allows an unauthenticated attacker to delete arbitrary files by supplying the full pathname. This impacts WordPress installations using ARforms 3.7.1. Public ex...

7.5CVSS7.5AI score0.09726EPSS
Web
CVE
CVE
added 2024/06/07 6:0 a.m.97 views

CVE-2024-4620

CVE-2024-4620 concerns ARForms – Premium WordPress Form Builder Plugin. The vulnerability affects versions prior to 6.6 and allows unauthenticated users to modify uploaded files in a form so that PHP code can be uploaded, enabling remote code execution on affected WordPress servers. The CVSS v3.1...

9.8CVSS9.6AI score0.03345EPSS
Web
CVE
CVE
added 2024/06/07 6:0 a.m.69 views

CVE-2024-4621

CVE-2024-4621 affects ARForms – Premium WordPress Form Builder Plugin prior to version 6.6. The issue is a Stored XSS vulnerability caused by insufficient sanitisation/escaping of certain plugin settings, potentially allowing high-privilege users (e.g., admins) to inject scripts even when unfilte...

4.8CVSS4.9AI score0.00351EPSS
CVE
CVE
added 2024/04/24 10:13 a.m.65 views

CVE-2024-32702

CVE-2024-32702 is a Reflected XSS in ARForms (WordPress). Affected ARForms versions are up to and including 6.4; patched in 6.4. Exploitation details are not provided in the sources; the vulnerability arises from improper input neutralization during web page generation. Remediation per sources: u...

7.1CVSS5.9AI score0.00357EPSS
CVE
CVE
added 2024/06/09 5:11 p.m.64 views

CVE-2024-32704

CVE-2024-32704 pertains to the WordPress ARForms plugin by reputeinfosystems, affecting ARForms versions n/a–6.4 with a Missing Authorization vulnerability. Connected sources confirm public details for ARForms as of 6.4 and related advisories (e.g., RH CVE entry); no exploits or exact vectors are...

7.1CVSS5.9AI score0.00335EPSS
CVE
CVE
added 2024/06/09 5:10 p.m.64 views

CVE-2024-32705

Technical details about CVE-2024-32705 are not provided in the supplied documents. Monitor official advisories and updates from vendors and CVE repositories for new information.

8.8CVSS5.9AI score0.00382EPSS
CVE
CVE
added 2024/12/06 1:7 p.m.60 views

CVE-2024-54216

CVE-2024-54216 describes a path traversal path traversal vulnerability in ARForms (Repute InfoSystems) affecting ARForms versions up to 6.4.1. The issue enables Arbitrary File Read via a directory-traversal vector (".../...//"). Public sources in the connected documents indicate the vulnerability...

7.7CVSS7.2AI score0.00528EPSS
CVE
CVE
added 2024/12/09 12:58 p.m.60 views

CVE-2024-54217

CVE-2024-54217 describes a Missing Authorization vulnerability in the WordPress plugin ARForms by Repute Info Systems, affecting ARForms versions from n/a up to and including 6.4.1. The connected sources confirm the issue is related to unauthorized changes to the plugin settings (“Plugin Settings...

5.4CVSS7.2AI score0.00424EPSS
CVE
CVE
added 2024/06/09 5:17 p.m.59 views

CVE-2024-32703

CVE-2024-32703 : Missing Authorization vulnerability in reputeinfosystems ARForms for WordPress. Affected ARForms versions

8.1CVSS5.9AI score0.00577EPSS
CVE
CVE
added 2024/04/24 8:12 a.m.57 views

CVE-2024-32706

CVE-2024-32706 (ARForms): WordPress ARForms Form Builder plugin is affected by an authenticated SQL Injection vulnerability (Subscriber+ access) in ARForms versions up to 6.4. The issue is documented as an SQL Injection in ARForms Form Builder, with Patch Status: Patched in the linked vulnerabili...

8.8CVSS5.9AI score0.00565EPSS
CVE
CVE
added 2024/06/12 6:0 a.m.53 views

CVE-2024-0427

ARForms - Premium WordPress Form Builder Plugin (WordPress) pre-6.4.1 is vulnerable to a reflected XSS due to improper escaping of user-controlled input in AJAX actions. Affected versions include 6.4.0 and earlier; remediation is to upgrade to 6.4.1 or later. The issue can allow reflected script ...

6.3CVSS6.4AI score0.00358EPSS
Web
CVE
CVE
added 2025/05/15 8:6 p.m.34 views

CVE-2024-10504

CVE-2024-10504 affects the WordPress plugin Contact Form, Survey, Quiz & Popup Form Builder (ARForms Builder) , specifically versions prior to 1.7.1 . The issue is an improper sanitisation/escaping of certain parameters when they are output on a page, enabling unauthenticated users to perform Cro...

5.4CVSS6.3AI score0.00275EPSS