cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forarforms-form-builder arforms-form-builder

Direction: ascending
Jun 07, 2024

Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder # CVE-2024-31272

CVE, Research URL

CVE-2024-31272

Home page URL

Security reports for Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder

Application

Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder

Date
Apr 12, 2024
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1.
Affected versions
Min -, max -.
Status
vulnerable

Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder # CVE-2022-45838

CVE, Research URL

CVE-2022-45838

Home page URL

Security reports for Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder

Application

Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder

Date
Apr 18, 2023
Research Description
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARForms Form Builder plugin <= 1.5.5 versions.
Affected versions
Min -, max -.
Status
vulnerable

Contact Form, Survey &amp; Popup Form Plugin for WordPress &#8211; ARForms Form Builder # CVE-2023-6828

CVE, Research URL

CVE-2023-6828

Home page URL

Security reports for Contact Form, Survey &amp; Popup Form Plugin for WordPress &#8211; ARForms Form Builder

Application

Contact Form, Survey &amp; Popup Form Plugin for WordPress &#8211; ARForms Form Builder

Date
Jan 11, 2024
Research Description
The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ arf_http_referrer_url’ parameter in all versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Contact Form, Survey &amp; Popup Form Plugin for WordPress &#8211; ARForms Form Builder # CVE-2024-1945

CVE, Research URL

CVE-2024-1945

Home page URL

Security reports for Contact Form, Survey &amp; Popup Form Plugin for WordPress &#8211; ARForms Form Builder

Application

Contact Form, Survey &amp; Popup Form Plugin for WordPress &#8211; ARForms Form Builder

Date
May 02, 2024
Research Description
The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'arflite_remove_preview_data' function in all versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with subscriber access and above, to delete arbitrary site options, resulting in loss of availability.
Affected versions
Min -, max -.
Status
vulnerable

Contact Form, Survey &amp; Popup Form Plugin for WordPress &#8211; ARForms Form Builder # CVE-2024-31270

CVE, Research URL

CVE-2024-31270

Home page URL

Security reports for Contact Form, Survey &amp; Popup Form Plugin for WordPress &#8211; ARForms Form Builder

Application

Contact Form, Survey &amp; Popup Form Plugin for WordPress &#8211; ARForms Form Builder

Date
May 08, 2024
Research Description
Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1.
Affected versions
Min -, max -.
Status
vulnerable

Contact Form, Survey &amp; Popup Form Plugin for WordPress &#8211; ARForms Form Builder # CVE-2021-24718

CVE, Research URL

CVE-2021-24718

Home page URL

Security reports for Contact Form, Survey &amp; Popup Form Plugin for WordPress &#8211; ARForms Form Builder

Application

Contact Form, Survey &amp; Popup Form Plugin for WordPress &#8211; ARForms Form Builder

Date
Dec 06, 2021
Research Description
The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Affected versions
Min -, max -.
Status
vulnerable
Jul 12, 2024

Contact Form, Survey &amp; Popup Form Plugin for WordPress &#8211; ARForms Form Builder # CVE-2024-37920

CVE, Research URL

CVE-2024-37920

Home page URL

Security reports for Contact Form, Survey &amp; Popup Form Plugin for WordPress &#8211; ARForms Form Builder

Application

Contact Form, Survey &amp; Popup Form Plugin for WordPress &#8211; ARForms Form Builder

Date
Jul 20, 2024
Research Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Repute InfoSystems ARForms Form Builder allows Reflected XSS.This issue affects ARForms Form Builder: from n/a through 1.6.7.
Affected versions
Min -, max -.
Status
vulnerable
Dec 10, 2024

Contact Form, Survey &amp; Popup Form Plugin for WordPress &#8211; ARForms Form Builder # CVE-2024-54223

CVE, Research URL

CVE-2024-54223

Home page URL

Security reports for Contact Form, Survey &amp; Popup Form Plugin for WordPress &#8211; ARForms Form Builder

Application

Contact Form, Survey &amp; Popup Form Plugin for WordPress &#8211; ARForms Form Builder

Date
Dec 09, 2024
Research Description
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Contact Form - Repute InfoSystems ARForms Form Builder allows Code Injection.This issue affects ARForms Form Builder: from n/a through 1.7.1.
Affected versions
Min -, max -.
Status
vulnerable
May 17, 2025

Contact Form, Survey &amp; Popup Form Plugin for WordPress &#8211; ARForms Form Builder # CVE-2024-10504

CVE, Research URL

CVE-2024-10504

Home page URL

Security reports for Contact Form, Survey &amp; Popup Form Plugin for WordPress &#8211; ARForms Form Builder

Application

Contact Form, Survey &amp; Popup Form Plugin for WordPress &#8211; ARForms Form Builder

Date
May 16, 2025
Research Description
The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.
Affected versions
Min -, max -.
Status
vulnerable