Reputeinfosystems

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-46808 1Reputeinfosystems 1Armember Apr 28, 2026 Nov 3, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection.This issue affects ARMember: from n/a through 3.4...Show more Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection.This issue affects ARMember: from n/a through 3.4.11.Show less
CVE-2023-33323 1Reputeinfosystems 1Armember Nov 21, 2024 Jun 22, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin <= 4.0.2 versions.
CVE-2022-47140 1Reputeinfosystems 1Armember Nov 21, 2024 Jun 12, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin <= 4.0.1 versions.
CVE-2022-45838 1Reputeinfosystems 1Arforms Form Builder Nov 21, 2024 Apr 18, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARForms Form Builder plugin <= 1.5.5 versions.
CVE-2022-4340 1Reputeinfosystems 1Bookingpress Apr 10, 2025 Jan 2, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (IDOR) vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full...Show more The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (IDOR) vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointment_id query parameter.Show less
CVE-2022-0867 1Reputeinfosystems 1Pricing Table Nov 21, 2024 May 16, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthen...Show more The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated usersShow less
CVE-2022-0739 1Reputeinfosystems 1Bookingpress Nov 21, 2024 Mar 21, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (av...Show more The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL InjectionShow less
CVE-2021-24718 1Reputeinfosystems 1Contact Form, Survey & Popup Form Plugin For Wordpress Arforms Form Builder Nov 21, 2024 Dec 6, 2021 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_...Show more The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedShow less
CVE-2019-16902 1Reputeinfosystems 1Arforms Nov 21, 2024 Sep 27, 2019 N/A· v4 7.5 HIGH· v3 6.4 MEDIUM· v2 In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname.
CVE-2019-14679 1Reputeinfosystems 1Arprice Lite Nov 21, 2024 Aug 8, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 core/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 for WordPress allows wp-admin/admin.php?page=arplite_import_export CSRF.
CVE-2018-15818 1Reputeinfosystems 1Repute Arforms Nov 21, 2024 Mar 21, 2019 N/A· v4 7.5 HIGH· v3 6.4 MEDIUM· v2 An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php.

Previous 1 23