Ari Soft

ari-soft

8 CVEs • 4 products

Products (4)

Click to collapse

Toggle

Ari Stream Quiz

ari_stream_quiz

Contact Form 7 Connector

contact_form_7_connector

Ari Fancy Lightbox

ari_fancy_lightbox

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-25215 1Ari Soft 1Ari Adminer Jun 17, 2026 Oct 16, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. This makes it possible for una...Show more The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. This makes it possible for unauthenticated attackers to call the files directly and perform a wide variety of unauthorized actions such as accessing a site's database and making changes.Show less
CVE-2023-51487 1Ari Soft 1Ari Stream Quiz Jun 17, 2026 Mar 16, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft ARI Stream Quiz.This issue affects ARI Stream Quiz: from n/a through 1.2.32.
CVE-2024-24884 1Ari Soft 1Contact Form 7 Connector Jun 17, 2026 Feb 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft Contact Form 7 Connector.This issue affects Contact Form 7 Connector: from n/a through 1.2.2.
CVE-2024-0239 1Ari Soft 1Contact Form 7 Connector Jun 17, 2026 Jan 16, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administr...Show more The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators.Show less
CVE-2023-52182 1Ari Soft 1Ari Stream Quiz Jun 17, 2026 Dec 31, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Deserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder.This issue affects ARI Stream Quiz – WordPress Quizzes Builder: from n/a through 1.3.0.
CVE-2023-47835 1Ari Soft 1Ari Stream Quiz Jun 17, 2026 Nov 23, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder plugin <= 1.2.32 versions.
CVE-2022-0161 1Ari Soft 1Ari Fancy Lightbox Jun 17, 2026 Mar 14, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
CVE-2020-19156 1Ari Soft 1Ari Adminer Jun 17, 2026 Sep 15, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save()' function is called.