cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-0427,https://securityvulnerability.io/vulnerability/CVE-2024-0427,Plugin Vulnerability: Inadequate User Input Escaping in AJAX Actions,The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.4.1 does not properly escape user-controlled input when it is reflected in some of its AJAX actions.,Wordpress,Arforms - Premium WordPress Form Builder Plugin,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-06-12T06:00:02.026Z,0
CVE-2024-4621,https://securityvulnerability.io/vulnerability/CVE-2024-4621,Unfiltered HTML Settings in ARForms Plugin Can Lead to Stored Cross-Site Scripting Attacks,"The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,Arforms - Premium WordPress Form Builder Plugin,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-06-07T06:00:02.652Z,0
CVE-2024-4620,https://securityvulnerability.io/vulnerability/CVE-2024-4620,Unauthenticated Users Can Modify Uploaded Files and Inject PHP Code,The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form,Wordpress,Arforms - Premium WordPress Form Builder Plugin,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-06-07T06:00:02.468Z,0
CVE-2024-1945,https://securityvulnerability.io/vulnerability/CVE-2024-1945,Unauthorized Data Loss Vulnerability in ARForms Form Builder Plugin for WordPress,"The ARForms Form Builder plugin for WordPress is susceptible to unauthorized data loss resulting from inadequate capability checks within the 'arflite_remove_preview_data' function. This vulnerability impacts all versions up to and including 1.6.4. Authenticated attackers with subscriber-level access or higher can exploit this flaw to delete arbitrary site options, leading to potential availability issues and erosion of data integrity on affected WordPress sites.",Wordpress,"Contact Form, Survey & Popup Form Plugin For WordPress – Arforms Form Builder",7.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:51:41.117Z,0
CVE-2023-6828,https://securityvulnerability.io/vulnerability/CVE-2023-6828,Stored Cross-Site Scripting in ARForms Form Builder for WordPress,"The ARForms Form Builder plugin for WordPress is susceptible to Stored Cross-Site Scripting vulnerabilities due to inadequate input sanitization and output escaping in the 'arf_http_referrer_url' parameter. This flaw permits unauthenticated attackers to inject arbitrary web scripts into pages, posing significant risks when users access these compromised pages. Affected versions include all versions up to and including 1.5.8.",Wordpress,"Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder",6.1,MEDIUM,0.0005499999970197678,false,,false,false,false,,false,false,2024-01-11T08:32:37.581Z,0
CVE-2021-24718,https://securityvulnerability.io/vulnerability/CVE-2021-24718,ARForms Form Builder < 1.5 - Admin+ Stored Cross Site Scripting,"The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed",Wordpress,"Contact Form, Survey & Popup Form Plugin For WordPress – Arforms Form Builder",4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-12-06T15:55:24.000Z,0
CVE-2019-16902,https://securityvulnerability.io/vulnerability/CVE-2019-16902,,"In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname.",Wordpress,Arforms,7.5,HIGH,0.006320000160485506,false,,false,false,false,,false,false,2019-09-27T10:56:35.000Z,0