Lucene search
K

9 matches found

CVE
CVE
added 2024/06/07 6:0 a.m.99 views

CVE-2024-4620

CVE-2024-4620 concerns ARForms – Premium WordPress Form Builder Plugin. The vulnerability affects versions prior to 6.6 and allows unauthenticated users to modify uploaded files in a form so that PHP code can be uploaded, enabling remote code execution on affected WordPress servers. The CVSS v3.1...

9.8CVSS9.6AI score0.03345EPSS
Web
CVE
CVE
added 2024/06/07 6:0 a.m.73 views

CVE-2024-4621

CVE-2024-4621 affects ARForms – Premium WordPress Form Builder Plugin prior to version 6.6. The issue is a Stored XSS vulnerability caused by insufficient sanitisation/escaping of certain plugin settings, potentially allowing high-privilege users (e.g., admins) to inject scripts even when unfilte...

4.8CVSS4.9AI score0.00351EPSS
CVE
CVE
added 2024/04/24 10:13 a.m.68 views

CVE-2024-32702

CVE-2024-32702 is a Reflected XSS in ARForms (WordPress). Affected ARForms versions are up to and including 6.4; patched in 6.4. Exploitation details are not provided in the sources; the vulnerability arises from improper input neutralization during web page generation. Remediation per sources: u...

7.1CVSS5.9AI score0.00357EPSS
CVE
CVE
added 2024/06/09 5:10 p.m.67 views

CVE-2024-32705

Technical details about CVE-2024-32705 are not provided in the supplied documents. Monitor official advisories and updates from vendors and CVE repositories for new information.

8.8CVSS5.9AI score0.00382EPSS
CVE
CVE
added 2024/06/09 5:11 p.m.65 views

CVE-2024-32704

CVE-2024-32704 pertains to the WordPress ARForms plugin by reputeinfosystems, affecting ARForms versions n/a–6.4 with a Missing Authorization vulnerability. Connected sources confirm public details for ARForms as of 6.4 and related advisories (e.g., RH CVE entry); no exploits or exact vectors are...

7.1CVSS5.9AI score0.00335EPSS
CVE
CVE
added 2024/04/24 8:12 a.m.63 views

CVE-2024-32706

CVE-2024-32706 (ARForms): WordPress ARForms Form Builder plugin is affected by an authenticated SQL Injection vulnerability (Subscriber+ access) in ARForms versions up to 6.4. The issue is documented as an SQL Injection in ARForms Form Builder, with Patch Status: Patched in the linked vulnerabili...

8.8CVSS5.9AI score0.00565EPSS
CVE
CVE
added 2024/06/09 5:17 p.m.61 views

CVE-2024-32703

CVE-2024-32703 : Missing Authorization vulnerability in reputeinfosystems ARForms for WordPress. Affected ARForms versions

8.1CVSS5.9AI score0.00577EPSS
CVE
CVE
added 2024/06/12 6:0 a.m.54 views

CVE-2024-0427

ARForms - Premium WordPress Form Builder Plugin (WordPress) pre-6.4.1 is vulnerable to a reflected XSS due to improper escaping of user-controlled input in AJAX actions. Affected versions include 6.4.0 and earlier; remediation is to upgrade to 6.4.1 or later. The issue can allow reflected script ...

6.3CVSS6.4AI score0.00358EPSS
Web
CVE
CVE
added 2025/05/15 8:6 p.m.36 views

CVE-2024-10504

CVE-2024-10504 affects the WordPress plugin Contact Form, Survey, Quiz & Popup Form Builder (ARForms Builder) , specifically versions prior to 1.7.1 . The issue is an improper sanitisation/escaping of certain parameters when they are output on a page, enabling unauthenticated users to perform Cro...

5.4CVSS6.3AI score0.00275EPSS