CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54223 – WordPress ARForms plugin <= 1.7.1 - HTML Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-54223
05 Dec 2024 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Contact Form - Repute InfoSystems ARForms Form Builder allows Code Injection.This issue affects ARForms Form Builder: from n/a through 1.7.1. The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.7.1. This is due to the plugin not properly sanitizing and escaping data. This makes it possible for unauthenticated att... • https://patchstack.com/database/wordpress/plugin/arforms-form-builder/vulnerability/wordpress-arforms-plugin-1-7-1-html-injection-vulnerability?_s_id=cve • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37920 – WordPress ARForms Form Builder plugin <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-37920
09 Jul 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Repute InfoSystems ARForms Form Builder allows Reflected XSS.This issue affects ARForms Form Builder: from n/a through 1.6.7. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Repute InfoSystems ARForms Form Builder permite XSS reflejado. Este problema afecta a ARForms Form Builder: desde n/a hasta 1.6.7. The ARForms Form ... • https://patchstack.com/database/vulnerability/arforms-form-builder/wordpress-arforms-form-builder-plugin-1-6-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31270 – WordPress ARForms Form Builder plugin <= 1.6.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31270
05 Apr 2024 — Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1. Vulnerabilidad de autorización faltante en Repute InfoSystems ARForms Form Builder. Este problema afecta a ARForms Form Builder: desde n/a hasta 1.6.1. The ARForms Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.6.1. This makes it possible for authenticated att... • https://patchstack.com/database/vulnerability/arforms-form-builder/wordpress-arforms-form-builder-plugin-1-6-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31272 – WordPress ARForms Form Builder plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31272
05 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Repute InfoSystems ARForms Form Builder. Este problema afecta a ARForms Form Builder: desde n/a hasta 1.6.1. The ARForms Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation on a fun... • https://patchstack.com/database/vulnerability/arforms-form-builder/wordpress-arforms-form-builder-plugin-1-6-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6828 – ARForms <= 1.5.8 - Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url
https://notcve.org/view.php?id=CVE-2023-6828
03 Jan 2024 — The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ arf_http_referrer_url’ parameter in all versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Contact Form, Survey & Popup Form Plugin for WordPress – A... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3013347@arforms-form-builder/trunk&old=2998602@arforms-form-builder/trunk&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45838 – WordPress ARForms Form Builder Plugin <= 1.5.5 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-45838
23 Nov 2022 — Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARForms Form Builder plugin <= 1.5.5 versions. The ARForms Form Builder plugin for WordPress is vulnerable to Cross-Site Scripting via an unspecified parameter in versions up to, and including, 1.5.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Unauth. • https://patchstack.com/database/vulnerability/arforms-form-builder/wordpress-arforms-form-builder-plugin-1-5-3-unauth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •