Reputeinfosystems

Arforms

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.6

CVE-2024-13785

  • EPSS 0.11%
  • Veröffentlicht 21.03.2026 03:26:54
  • Zuletzt bearbeitet 23.03.2026 14:32:02

The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that do...

5.4

CVE-2024-10504

Exploit
  • EPSS 0.17%
  • Veröffentlicht 15.05.2025 20:15:33
  • Zuletzt bearbeitet 04.06.2025 20:35:34

The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.

5.4

CVE-2024-54217

  • EPSS 0.15%
  • Veröffentlicht 09.12.2024 13:15:41
  • Zuletzt bearbeitet 01.04.2026 16:20:47

Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4.1.

7.7

CVE-2024-54216

  • EPSS 0.22%
  • Veröffentlicht 06.12.2024 14:15:26
  • Zuletzt bearbeitet 01.04.2026 16:20:46

Path Traversal: '.../...//' vulnerability in reputeinfosystems ARForms arforms allows Path Traversal.This issue affects ARForms: from n/a through <= 6.4.1.

6.3

CVE-2024-0427

Exploit
  • EPSS 0.24%
  • Veröffentlicht 12.06.2024 06:15:08
  • Zuletzt bearbeitet 28.05.2025 20:05:04

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.4.1 does not properly escape user-controlled input when it is reflected in some of its AJAX actions.

8.1

CVE-2024-32703

  • EPSS 0.43%
  • Veröffentlicht 09.06.2024 18:15:11
  • Zuletzt bearbeitet 01.04.2026 16:17:05

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4.

6.5

CVE-2024-32704

  • EPSS 0.28%
  • Veröffentlicht 09.06.2024 18:15:11
  • Zuletzt bearbeitet 01.04.2026 16:17:05

Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4.

8.8

CVE-2024-32705

  • EPSS 0.73%
  • Veröffentlicht 09.06.2024 18:15:11
  • Zuletzt bearbeitet 01.04.2026 16:17:05

Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4.

9.8

CVE-2024-4620

Exploit
  • EPSS 72.42%
  • Veröffentlicht 07.06.2024 06:15:11
  • Zuletzt bearbeitet 01.05.2025 19:47:03

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form

4.8

CVE-2024-4621

Exploit
  • EPSS 0.17%
  • Veröffentlicht 07.06.2024 06:15:11
  • Zuletzt bearbeitet 01.05.2025 19:46:27

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfil...