
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

22 May 2024 — The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.4.1 does not properly escape user-controlled input when it is reflected in some of its AJAX actions. The ARForms - Premium WordPress Form Builder Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via t... • https://wpscan.com/vulnerability/1806fef3-d774-46e0-aa48-7a101495f4eb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 May 2024 — The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form. The ARforms p... • https://wpscan.com/vulnerability/dc34dc2d-d5a1-4e28-8507-33f659ead647 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 May 2024 — The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/33a366d9-6c81-4957-a101-768487aae735 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')