Aggregates CVE and security vulnerability intelligence across all reputeinfosystems-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk csrf, vendor risk path handling, vendor risk file inclusion, and vendor risk input validation and related problems; some flaws may lead to vendor impact file overwrite.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-47425 | Missing Authorization vulnerability in Repute Infosystems ARMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ARMember: from n/a through 3.4.10. | [email protected] | 4.3 | 0.25% | 2025-12-09 | 2026-01-30 |
| CVE-2024-11189 | The Social Share And Social Locker WordPress plugin before 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | [email protected] | 4.8 | 0.25% | 2025-05-15 | 2025-06-09 |
| CVE-2024-10504 | The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks. | [email protected] | 5.4 | 0.27% | 2025-05-15 | 2025-06-04 |
| CVE-2025-31910 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems BookingPress bookingpress-appointment-booking allows SQL Injection.This issue affects BookingPress: from n/a through <= 1.1.28. | [email protected] | 7.6 | 0.30% | 2025-04-01 | 2026-04-23 |
| CVE-2025-24732 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reputeinfosystems BookingPress bookingpress-appointment-booking allows DOM-Based XSS.This issue affects BookingPress: from n/a through <= 1.1.25. | [email protected] | 6.5 | 0.28% | 2025-01-24 | 2026-04-23 |
| CVE-2023-39994 | Missing Authorization vulnerability in Repute InfoSystems ARMember Premium allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ARMember Premium: from n/a through 5.9.2. | [email protected] | 4.3 | 0.27% | 2025-01-02 | 2026-04-28 |
| CVE-2024-54223 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in reputeinfosystems ARForms Form Builder arforms-form-builder allows Code Injection.This issue affects ARForms Form Builder: from n/a through <= 1.7.1. | [email protected] | 5.3 | 0.32% | 2024-12-09 | 2026-04-23 |
| CVE-2024-54217 | Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4.1. | [email protected] | 5.4 | 0.42% | 2024-12-09 | 2026-04-23 |
| CVE-2024-54216 | Path Traversal: '.../...//' vulnerability in reputeinfosystems ARForms arforms allows Path Traversal.This issue affects ARForms: from n/a through <= 6.4.1. | [email protected] | 7.7 | 0.53% | 2024-12-06 | 2026-04-23 |
| CVE-2022-47424 | Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1. | [email protected] | 5.4 | 0.19% | 2024-11-19 | 2026-01-26 |
| CVE-2024-10540 | The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpress_form shortcode in all versions up to, and including, 1.1.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already ex | [email protected] | 5.3 | 0.57% | 2024-11-02 | 2024-11-04 |
| CVE-2024-37920 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Repute InfoSystems ARForms Form Builder allows Reflected XSS.This issue affects ARForms Form Builder: from n/a through 1.6.7. | [email protected] | 7.1 | 0.28% | 2024-07-20 | 2026-01-23 |
| CVE-2024-6660 | The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_func function in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site and upload arbitrary f | [email protected] | 8.8 | 0.62% | 2024-07-17 | 2026-04-08 |
| CVE-2024-6467 | The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpress_save_lite_wizard_settings_func' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary files that contain the content of files (either on the local server or from a remote location), allowing the ex | [email protected] | 8.8 | 0.86% | 2024-07-17 | 2026-04-08 |
| CVE-2024-0427 | The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.4.1 does not properly escape user-controlled input when it is reflected in some of its AJAX actions. | [email protected] | 6.3 | 0.36% | 2024-06-12 | 2025-05-28 |
| CVE-2024-34799 | Missing Authorization vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.82. | [email protected] | 6.5 | 0.37% | 2024-06-11 | 2025-03-20 |
| CVE-2024-32705 | Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4. | [email protected] | 7.1 | 0.40% | 2024-06-09 | 2026-04-23 |
| CVE-2024-32704 | Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4. | [email protected] | 7.1 | 0.34% | 2024-06-09 | 2026-04-23 |
| CVE-2024-32703 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4. | [email protected] | 7.7 | 0.58% | 2024-06-09 | 2026-04-23 |
| CVE-2024-4621 | The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | [email protected] | 4.8 | 0.35% | 2024-06-07 | 2025-05-01 |