6 matches found
CVE-2023-6828
CVE-2023-6828 concerns the ARForms Form Builder WordPress plugin. The WordPress ARForms plugin is vulnerable to Stored Cross-Site Scripting via the arf_http_referrer_url parameter in all versions up to and including 1.5.8, due to insufficient input sanitization and output escaping. The vulnerabil...
CVE-2024-31270
CVE-2024-31270 is a Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder (WordPress plugin). Affected: ARForms Form Builder up to version 1.6.1. Root cause: missing authorization allows unauthorized access. Impact: as described in sources, includes missing access control...
CVE-2022-45838
The CVE refers to an unauthenticated stored cross-site scripting (XSS) vulnerability in the Repute InfoSystems ARForms Form Builder plugin for WordPress, versioned at or below 1.5.5 (with some sources citing <= 1.5.5 and patches mentioning <= 1.5.4). Root cause is an XSS flaw that can be ex...
CVE-2024-54223
CVE-2024-54223 is a documented HTML/Script-injection vulnerability in the ARForms Form Builder for WordPress (Contact Form - Repute InfoSystems). The issue is described as an improper neutralization of script-related HTML tags in a web page, resulting in a Basic XSS and potential code injection. ...
CVE-2024-31272
ARForms Form Builder (WordPress plugin) has a CSRF vulnerability affecting versions up to 1.6.1. The connected sources confirm the issue and affected range, but do not provide a publicly documented fix/version to remediate within the provided documents.
CVE-2024-37920
CVE-2024-37920 (ARForms Form Builder) is a Reflected XSS in ARForms Form Builder for WordPress, affecting 1.6.7 and earlier. The issue arises from improper input neutralization during web page generation, enabling reflected scripts. The Red Hat/NVD entries confirm the vulnerability details and ma...