Reputeinfosystems Arforms — known CVE vulnerabilities
Every CVE whose affected-product data names Reputeinfosystems Arforms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2024-4620 — CVSS 9.8 (critical): The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in…
CVE-2024-32706 — CVSS 8.5 (high): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems ARForms…
CVE-2024-54216 — CVSS 7.7 (high): Path Traversal: '.../...//' vulnerability in reputeinfosystems ARForms allows Path Traversal. This issue affects ARForms: from n/a before…
CVE-2024-32703 — CVSS 7.7 (high): Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in reputeinfosystems ARForms arforms.This…
CVE-2019-16902 — CVSS 7.5 (high): In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by…
CVE-2024-32705 — CVSS 7.1 (high): Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4.
CVE-2024-32702 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reputeinfosystems ARForms…
CVE-2024-32704 — CVSS 7.1 (high): Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4.
CVE-2024-0427 — CVSS 6.3 (medium): The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.4.1 does not properly escape user-controlled input when it is…
CVE-2024-10504 — CVSS 5.4 (medium): The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters when…
CVE-2024-54217 — CVSS 5.4 (medium): Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4.1.
CVE-2024-4621 — CVSS 4.8 (medium): The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 does not sanitise and escape some of its settings, which…