CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54223 – WordPress ARForms plugin <= 1.7.1 - HTML Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-54223
05 Dec 2024 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Contact Form - Repute InfoSystems ARForms Form Builder allows Code Injection.This issue affects ARForms Form Builder: from n/a through 1.7.1. The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.7.1. This is due to the plugin not properly sanitizing and escaping data. This makes it possible for unauthenticated att... • https://patchstack.com/database/wordpress/plugin/arforms-form-builder/vulnerability/wordpress-arforms-plugin-1-7-1-html-injection-vulnerability?_s_id=cve • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54216 – WordPress ARForms plugin <= 6.4.1 - Arbitrary File Read vulnerability
https://notcve.org/view.php?id=CVE-2024-54216
02 Dec 2024 — Path Traversal vulnerability in NotFound ARForms allows Path Traversal.This issue affects ARForms: from n/a through 6.4.1. Path Traversal: '.../...//' vulnerability in Repute InfoSystems ARForms allows Path Traversal.This issue affects ARForms: from n/a through 6.4.1. The ARforms plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 6.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary files on the serve... • https://patchstack.com/database/wordpress/plugin/arforms/vulnerability/wordpress-arforms-plugin-6-4-1-subscriber-arbitrary-file-read-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54217 – WordPress ARForms plugin <= 6.4.1 - Plugin Settings Change vulnerability
https://notcve.org/view.php?id=CVE-2024-54217
02 Dec 2024 — Missing Authorization vulnerability in Repute info systems ARForms.This issue affects ARForms: from n/a through 6.4.1. The ARforms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in all versions up to, and including, 6.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the plugin's settings. • https://patchstack.com/database/wordpress/plugin/arforms/vulnerability/wordpress-arforms-plugin-6-4-1-subscriber-plugin-settings-change-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37920 – WordPress ARForms Form Builder plugin <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-37920
09 Jul 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Repute InfoSystems ARForms Form Builder allows Reflected XSS.This issue affects ARForms Form Builder: from n/a through 1.6.7. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Repute InfoSystems ARForms Form Builder permite XSS reflejado. Este problema afecta a ARForms Form Builder: desde n/a hasta 1.6.7. The ARForms Form ... • https://patchstack.com/database/vulnerability/arforms-form-builder/wordpress-arforms-form-builder-plugin-1-6-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32702 – WordPress ARForms plugin <= 6.4 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-32702
22 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute info systems ARForms allows Reflected XSS.This issue affects ARForms: from n/a through 6.4. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Repute info systems ARForms permite Reflected XSS. Este problema afecta a ARForms: desde n/a hasta 6.4. The ARforms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting ... • https://patchstack.com/database/vulnerability/arforms/wordpress-arforms-plugin-6-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32703 – WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-32703
22 Apr 2024 — Missing Authorization vulnerability in reputeinfosystems ARForms.This issue affects ARForms: from n/a through 6.4. Vulnerabilidad de autorización faltante en reputeinfosystems ARForms. Este problema afecta a ARForms: desde n/a hasta 6.4. The ARforms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to dele... • https://patchstack.com/database/vulnerability/arforms/wordpress-arforms-plugin-6-4-subscriber-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32704 – WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary WordPress Options Removal vulnerability
https://notcve.org/view.php?id=CVE-2024-32704
22 Apr 2024 — Missing Authorization vulnerability in reputeinfosystems ARForms.This issue affects ARForms: from n/a through 6.4. Vulnerabilidad de autorización faltante en reputeinfosystems ARForms. Este problema afecta a ARForms: desde n/a hasta 6.4. The ARforms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to dele... • https://patchstack.com/database/vulnerability/arforms/wordpress-arforms-plugin-6-4-subscriber-arbitrary-wordpress-options-removal-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32706 – WordPress ARForms plugin <= 6.4 - Auth. SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-32706
22 Apr 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute info systems ARForms.This issue affects ARForms: from n/a through 6.4. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en Repute info systems ARForms. Este problema afecta a ARForms: desde n/a hasta 6.4. The ARforms plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 6.4 ... • https://patchstack.com/database/vulnerability/arforms/wordpress-arforms-plugin-6-4-subscriber-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31270 – WordPress ARForms Form Builder plugin <= 1.6.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31270
05 Apr 2024 — Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1. Vulnerabilidad de autorización faltante en Repute InfoSystems ARForms Form Builder. Este problema afecta a ARForms Form Builder: desde n/a hasta 1.6.1. The ARForms Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.6.1. This makes it possible for authenticated att... • https://patchstack.com/database/vulnerability/arforms-form-builder/wordpress-arforms-form-builder-plugin-1-6-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31272 – WordPress ARForms Form Builder plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31272
05 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Repute InfoSystems ARForms Form Builder. Este problema afecta a ARForms Form Builder: desde n/a hasta 1.6.1. The ARForms Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation on a fun... • https://patchstack.com/database/vulnerability/arforms-form-builder/wordpress-arforms-form-builder-plugin-1-6-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •