cleantalk
Vulnerabilities and Security Researches

Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder, CVE-2024-10504

CVE, Research URL

CVE-2024-10504

Home page URL

Security reports for Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder

Application

Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder

Published on
May 16, 2025
Research Description
The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.
Affected versions
Min -, max 1.7.1.
Status
vulnerable
Previous vulnerability researches
Action Network (CVE-2024-2954) , Jun 07, 2024
Action Network (CVE-2024-25921) , Jun 07, 2024
Action Network (CVE-2024-12394) , Jan 10, 2025
New vulnerability
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2024-13619) , May 17, 2025
AHAthat Plugin (CVE-2024-11269) , May 17, 2025
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting (CVE-2024-12812) , May 17, 2025
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting (CVE-2024-12808) , May 17, 2025
Badgearoo (CVE-2024-13828) , May 17, 2025