Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arforms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-16902
In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname.
Reputeinfosystems Arforms 3.7.1
1 Github repository
7.5
CVSSv3
CVE-2018-15818
An issue exists in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php.
Reputeinfosystems Repute Arforms
6.1
CVSSv3
CVE-2022-45838
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARForms Form Builder plugin <= 1.5.5 versions.
Reputeinfosystems Arforms Form Builder
6.1
CVSSv3
CVE-2023-6828
The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ arf_http_referrer_url’ parameter in all versions up to, and including, 1.5.8 due to insufficient inp...
Reputeinfosystems Arforms Form Builder
4.8
CVSSv3
CVE-2021-24718
The Contact Form, Survey & Popup Form Plugin for WordPress plugin prior to 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Reputeinfosystems Contact Form\\, Survey \\& Popup Form Plugin For Wordpress - Arforms Form Builder
NA
CVE-2024-31272
Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a up to and including 1.6.1.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started