Approved changes feed: RSS · Atom
cpe:2.3:a:reputeinfosystems:arforms:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Reputeinfosystems (49750278-e8bc-59c0-be32-c061c007e30f) |
|---|---|
| Product | Arforms (2f526913-95df-5a7f-89e1-8e040c6474be) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-54217 |
vulnerable | 2026-06-03 14:57:40.932558 |
WordPress ARForms plugin <= 6.4.1 - Subscriber+ Plugin Settings Change vulnerability
MEDIUM (5.4)
Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4.1.
Published: 2024-12-09T12:58:59.338Z
Updated: 2026-04-28T16:10:47.195Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-54216 |
vulnerable | 2026-06-03 14:57:40.929720 |
WordPress ARForms plugin <= 6.4.1 - Subscriber+ Arbitrary File Read vulnerability
HIGH (7.7)
Path Traversal: '.../...//' vulnerability in reputeinfosystems ARForms arforms allows Path Traversal.This issue affects ARForms: from n/a through <= 6.4.1.
Published: 2024-12-06T13:07:17.500Z
Updated: 2026-04-28T16:10:47.190Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-4621 |
vulnerable | 2026-06-03 14:57:15.894843 |
ArForms < 6.6 - Admin+ Stored XSS
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Published: 2024-06-07T06:00:02.652Z
Updated: 2024-08-01T20:47:41.215Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-4620 |
vulnerable | 2026-06-03 14:57:15.894368 |
ArForms < 6.6 - Unauthenticated RCE
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form
Published: 2024-06-07T06:00:02.468Z
Updated: 2024-08-01T20:47:41.237Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32706 |
vulnerable | 2026-06-03 14:55:47.793090 |
WordPress ARForms plugin <= 6.4 - Subscriber+ SQL Injection vulnerability
HIGH (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4.
Published: 2024-04-24T08:12:03.672Z
Updated: 2026-04-28T16:09:39.485Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32705 |
vulnerable | 2026-06-03 14:55:47.791073 |
WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary Plugin Activation/Deactivation Vulnerability
HIGH (7.1)
Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4.
Published: 2024-06-09T17:10:07.499Z
Updated: 2026-04-28T16:09:39.562Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32704 |
vulnerable | 2026-06-03 14:55:47.790710 |
WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary WordPress Options Removal vulnerability
HIGH (7.1)
Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4.
Published: 2024-06-09T17:11:25.567Z
Updated: 2026-04-28T16:09:39.452Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32703 |
vulnerable | 2026-06-03 14:55:47.790225 |
WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary File Deletion vulnerability
HIGH (7.7)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4.
Published: 2024-06-09T17:17:52.524Z
Updated: 2026-04-28T16:09:39.362Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32702 |
vulnerable | 2026-06-03 14:55:47.789736 |
WordPress ARForms plugin <= 6.4 - Reflected Cross Site Scripting (XSS) vulnerability
HIGH (7.1)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4.
Published: 2024-04-24T10:13:23.385Z
Updated: 2026-04-28T16:09:39.322Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-10504 |
vulnerable | 2026-06-03 14:54:11.896935 |
ARForms Builder < 1.7.1 - Unauthenticated Stored XSS
The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.
Published: 2025-05-15T20:06:44.219Z
Updated: 2025-05-20T15:31:47.781Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-0427 |
vulnerable | 2026-06-03 14:54:02.670579 |
Arforms < 6.4.1 - Reflected XSS
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.4.1 does not properly escape user-controlled input when it is reflected in some of its AJAX actions.
Published: 2024-06-12T06:00:02.026Z
Updated: 2024-08-01T18:04:49.774Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.