12 matches found
CVE-2019-16902
CVE-2019-16902 – ARforms WordPress plugin: The ARforms plugin 3.7.1 is vulnerable due to arf_delete_file in arformcontroller.php, which allows an unauthenticated attacker to delete arbitrary files by supplying the full pathname. This impacts WordPress installations using ARforms 3.7.1. Public ex...
CVE-2024-4620
CVE-2024-4620 concerns ARForms – Premium WordPress Form Builder Plugin. The vulnerability affects versions prior to 6.6 and allows unauthenticated users to modify uploaded files in a form so that PHP code can be uploaded, enabling remote code execution on affected WordPress servers. The CVSS v3.1...
CVE-2024-4621
CVE-2024-4621 affects ARForms – Premium WordPress Form Builder Plugin prior to version 6.6. The issue is a Stored XSS vulnerability caused by insufficient sanitisation/escaping of certain plugin settings, potentially allowing high-privilege users (e.g., admins) to inject scripts even when unfilte...
CVE-2024-32702
CVE-2024-32702 is a Reflected XSS in ARForms (WordPress). Affected ARForms versions are up to and including 6.4; patched in 6.4. Exploitation details are not provided in the sources; the vulnerability arises from improper input neutralization during web page generation. Remediation per sources: u...
CVE-2024-32704
CVE-2024-32704 pertains to the WordPress ARForms plugin by reputeinfosystems, affecting ARForms versions n/a–6.4 with a Missing Authorization vulnerability. Connected sources confirm public details for ARForms as of 6.4 and related advisories (e.g., RH CVE entry); no exploits or exact vectors are...
CVE-2024-32705
Technical details about CVE-2024-32705 are not provided in the supplied documents. Monitor official advisories and updates from vendors and CVE repositories for new information.
CVE-2024-54216
CVE-2024-54216 describes a path traversal vulnerability in ARForms (Repute InfoSystems) affecting ARForms versions up to 6.4.1. The issue enables Arbitrary File Read via a directory-traversal vector (".../...//"). Public sources in the connected documents indicate the vulnerability...
CVE-2024-54217
CVE-2024-54217 describes a Missing Authorization vulnerability in the WordPress plugin ARForms by Repute Info Systems, affecting ARForms versions from n/a up to and including 6.4.1. The connected sources confirm the issue is related to unauthorized changes to the plugin settings (“Plugin Settings...
CVE-2024-32703
CVE-2024-32703: Missing Authorization vulnerability in reputeinfosystems ARForms for WordPress. Affected ARForms versions
CVE-2024-32706
CVE-2024-32706 (ARForms): WordPress ARForms Form Builder plugin is affected by an authenticated SQL Injection vulnerability (Subscriber+ access) in ARForms versions up to 6.4. The issue is documented as an SQL Injection in ARForms Form Builder, with Patch Status: Patched in the linked vulnerabili...
CVE-2024-0427
ARForms - Premium WordPress Form Builder Plugin (WordPress) pre-6.4.1 is vulnerable to a reflected XSS due to improper escaping of user-controlled input in AJAX actions. Affected versions include 6.4.0 and earlier; remediation is to upgrade to 6.4.1 or later. The issue can allow reflected script ...
CVE-2024-10504
CVE-2024-10504 affects the WordPress plugin Contact Form, Survey, Quiz & Popup Form Builder (ARForms Builder), specifically versions prior to 1.7.1. The issue is improper sanitisation/escaping of certain parameters when they are output on a page, enabling unauthenticated users to perform Cro...