Arforms Form Builder
Approved changes feed: RSS · Atom
cpe:2.3:a:reputeinfosystems:arforms_form_builder:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Reputeinfosystems (49750278-e8bc-59c0-be32-c061c007e30f) |
|---|---|
| Product | Arforms Form Builder (3fcfb472-4937-5fc1-9f85-079f7bf98b63) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-54223 |
vulnerable | 2026-06-03 14:57:40.940469 |
WordPress ARForms plugin <= 1.7.1 - HTML Injection vulnerability
MEDIUM (5.3)
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in reputeinfosystems ARForms Form Builder arforms-form-builder allows Code Injection.This issue affects ARForms Form Builder: from n/a through <= 1.7.1.
Published: 2024-12-09T11:31:58.869Z
Updated: 2026-04-28T16:10:47.589Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-4621 |
vulnerable | 2026-06-03 14:57:15.894775 |
ArForms < 6.6 - Admin+ Stored XSS
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Published: 2024-06-07T06:00:02.652Z
Updated: 2024-08-01T20:47:41.215Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-4620 |
vulnerable | 2026-06-03 14:57:15.892681 |
ArForms < 6.6 - Unauthenticated RCE
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form
Published: 2024-06-07T06:00:02.468Z
Updated: 2024-08-01T20:47:41.237Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-31270 |
vulnerable | 2026-06-03 14:55:39.356077 |
WordPress ARForms Form Builder plugin <= 1.6.1 - Broken Access Control vulnerability
HIGH (7.6)
Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1.
Published: 2024-05-08T13:25:37.157Z
Updated: 2026-04-28T16:09:29.481Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-0427 |
vulnerable | 2026-06-03 14:54:02.667113 |
Arforms < 6.4.1 - Reflected XSS
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.4.1 does not properly escape user-controlled input when it is reflected in some of its AJAX actions.
Published: 2024-06-12T06:00:02.026Z
Updated: 2024-08-01T18:04:49.774Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.