CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54216 – WordPress ARForms plugin <= 6.4.1 - Arbitrary File Read vulnerability
https://notcve.org/view.php?id=CVE-2024-54216
02 Dec 2024 — Path Traversal vulnerability in NotFound ARForms allows Path Traversal.This issue affects ARForms: from n/a through 6.4.1. Path Traversal: '.../...//' vulnerability in Repute InfoSystems ARForms allows Path Traversal.This issue affects ARForms: from n/a through 6.4.1. The ARforms plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 6.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary files on the serve... • https://patchstack.com/database/wordpress/plugin/arforms/vulnerability/wordpress-arforms-plugin-6-4-1-subscriber-arbitrary-file-read-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54217 – WordPress ARForms plugin <= 6.4.1 - Plugin Settings Change vulnerability
https://notcve.org/view.php?id=CVE-2024-54217
02 Dec 2024 — Missing Authorization vulnerability in Repute info systems ARForms.This issue affects ARForms: from n/a through 6.4.1. The ARforms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in all versions up to, and including, 6.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the plugin's settings. • https://patchstack.com/database/wordpress/plugin/arforms/vulnerability/wordpress-arforms-plugin-6-4-1-subscriber-plugin-settings-change-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32705 – WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary Plugin Activation/Deactivation Vulnerability
https://notcve.org/view.php?id=CVE-2024-32705
22 Apr 2024 — Missing Authorization vulnerability in reputeinfosystems ARForms.This issue affects ARForms: from n/a through 6.4. Vulnerabilidad de autorización faltante en reputeinfosystems ARForms. Este problema afecta a ARForms: desde n/a hasta 6.4. The ARforms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to acti... • https://patchstack.com/database/vulnerability/arforms/wordpress-arforms-plugin-6-4-subscriber-arbitrary-plugin-activation-deactivation-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-16902 – ARforms <= 3.7.1 - Unauthenticated Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2019-16902
27 Sep 2019 — In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname. En el plugin Arforms versión 3.7.1 para WordPress, la función arf_delete_file en el archivo arformcontroller.php permite la eliminación no autenticada de un archivo arbitrario mediante el suministro del nombre de ruta completo. • https://www.exploit-db.com/exploits/47443 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •