Arforms Security Vulnerabilities and Issues — Arforms CVE List

Lucene search

ReputeinfosystemsArforms

10 matches found

CVE•added 2019/09/27 11:15 a.m.•94 views

CVE-2019-16902

In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname.

7.5CVSS7.5AI score0.14736EPSS

CVE•added 2024/02/05 10:16 p.m.•64 views

CVE-2024-0969

The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Default Restriction" feature and view restricted post content.

5.3CVSS6.2AI score0.00415EPSS

CVE•added 2024/06/07 6:15 a.m.•53 views

CVE-2024-4620

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form

9.8CVSS9.6AI score0.62535EPSS

CVE•added 2024/06/07 6:15 a.m.•51 views

CVE-2024-4621

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example ...

4.8CVSS4.9AI score0.00065EPSS

CVE•added 2024/06/09 6:15 p.m.•49 views

CVE-2024-32705

Missing Authorization vulnerability in reputeinfosystems ARForms.This issue affects ARForms: from n/a through 6.4.

8.8CVSS7.8AI score0.00402EPSS

CVE•added 2024/06/09 6:15 p.m.•48 views

CVE-2024-32704

Missing Authorization vulnerability in reputeinfosystems ARForms.This issue affects ARForms: from n/a through 6.4.

7.1CVSS6.6AI score0.00204EPSS

CVE•added 2024/06/09 6:15 p.m.•44 views

CVE-2024-32703

Missing Authorization vulnerability in reputeinfosystems ARForms.This issue affects ARForms: from n/a through 6.4.

8.1CVSS7.8AI score0.00278EPSS

CVE•added 2024/06/12 6:15 a.m.•41 views

CVE-2024-0427

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.4.1 does not properly escape user-controlled input when it is reflected in some of its AJAX actions.

6.3CVSS6.4AI score0.00173EPSS

CVE•added 2024/04/24 9:15 a.m.•35 views

CVE-2024-32706

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute info systems ARForms.This issue affects ARForms: from n/a through 6.4.

8.5CVSS7.5AI score0.00105EPSS

CVE•added 2025/05/15 8:15 p.m.•22 views

CVE-2024-10504

The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.

5.4CVSS6.3AI score0.00066EPSS