cleantalk
Vulnerabilities and Security Researches

Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder, CVE-2024-10504

CVE, Research URL

CVE-2024-10504

Home page URL

Security reports for Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder

Application

Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder

Published on
May 16, 2025
Research Description
The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.
Affected versions
Min -, max 1.7.1.
Status
vulnerable
Previous vulnerability researches
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-4403) , May 11, 2025
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-2941) , Apr 05, 2025
Drag and Drop Multiple File Upload for WooCommerce (CVE-2023-4821) , Jun 07, 2024
Drag and Drop Multiple File Upload for WooCommerce (CVE-2022-45377) , Jun 07, 2024
New vulnerability
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting (CVE-2024-12812) , May 17, 2025
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting (CVE-2024-12808) , May 17, 2025
Badgearoo (CVE-2024-13828) , May 17, 2025
Melapress File Monitor (CVE-2024-10009) , May 17, 2025
Aptivada for WP (CVE-2025-48135) , May 17, 2025