汇总 reputeinfosystems 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
常见弱点模式包括 CSRF、路径处理缺陷、文件包含与输入验证问题,在 软件部署与生产负载 使用场景中可能带来 文件覆盖、异常行为与未授权访问 等风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2022-47425 | Missing Authorization vulnerability in Repute Infosystems ARMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ARMember: from n/a through 3.4.10. | [email protected] | 4.3 | 0.26% | 2025-12-09 | 2026-06-17 |
| CVE-2024-11189 | The Social Share And Social Locker WordPress plugin before 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | [email protected] | 4.8 | 0.25% | 2025-05-15 | 2026-06-17 |
| CVE-2024-10504 | The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks. | [email protected] | 5.4 | 0.27% | 2025-05-15 | 2026-06-17 |
| CVE-2025-31910 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems BookingPress bookingpress-appointment-booking allows SQL Injection.This issue affects BookingPress: from n/a through <= 1.1.28. | [email protected] | 7.6 | 0.35% | 2025-04-01 | 2026-06-17 |
| CVE-2025-24732 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reputeinfosystems BookingPress bookingpress-appointment-booking allows DOM-Based XSS.This issue affects BookingPress: from n/a through <= 1.1.25. | [email protected] | 6.5 | 0.28% | 2025-01-24 | 2026-06-17 |
| CVE-2023-39994 | Missing Authorization vulnerability in Repute InfoSystems ARMember Premium allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ARMember Premium: from n/a through 5.9.2. | [email protected] | 4.3 | 0.27% | 2025-01-02 | 2026-06-17 |
| CVE-2024-54223 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in reputeinfosystems ARForms Form Builder arforms-form-builder allows Code Injection.This issue affects ARForms Form Builder: from n/a through <= 1.7.1. | [email protected] | 5.3 | 0.32% | 2024-12-09 | 2026-06-17 |
| CVE-2024-54217 | Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4.1. | [email protected] | 5.4 | 0.42% | 2024-12-09 | 2026-06-17 |
| CVE-2024-54216 | Path Traversal: '.../...//' vulnerability in reputeinfosystems ARForms allows Path Traversal. This issue affects ARForms: from n/a before 7.0.2. | [email protected] | 7.7 | 0.53% | 2024-12-06 | 2026-07-07 |
| CVE-2022-47424 | Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1. | [email protected] | 5.4 | 0.19% | 2024-11-19 | 2026-06-17 |
| CVE-2024-10540 | The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpress_form shortcode in all versions up to, and including, 1.1.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already ex | [email protected] | 5.3 | 0.57% | 2024-11-01 | 2026-06-17 |
| CVE-2024-37920 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Repute InfoSystems ARForms Form Builder allows Reflected XSS.This issue affects ARForms Form Builder: from n/a through 1.6.7. | [email protected] | 7.1 | 0.28% | 2024-07-20 | 2026-06-17 |
| CVE-2024-6660 | The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_func function in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site and upload arbitrary f | [email protected] | 8.8 | 0.62% | 2024-07-17 | 2026-06-17 |
| CVE-2024-6467 | The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpress_save_lite_wizard_settings_func' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary files that contain the content of files (either on the local server or from a remote location), allowing the ex | [email protected] | 8.8 | 0.86% | 2024-07-17 | 2026-06-17 |
| CVE-2024-0427 | The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.4.1 does not properly escape user-controlled input when it is reflected in some of its AJAX actions. | [email protected] | 6.3 | 0.36% | 2024-06-12 | 2026-06-17 |
| CVE-2024-34799 | Missing Authorization vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.82. | [email protected] | 6.5 | 0.37% | 2024-06-11 | 2026-06-17 |
| CVE-2024-32705 | Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4. | [email protected] | 7.1 | 0.40% | 2024-06-09 | 2026-06-17 |
| CVE-2024-32704 | Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4. | [email protected] | 7.1 | 0.34% | 2024-06-09 | 2026-06-17 |
| CVE-2024-32703 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4. | [email protected] | 7.7 | 0.58% | 2024-06-09 | 2026-06-17 |
| CVE-2024-4621 | The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | [email protected] | 4.8 | 0.35% | 2024-06-07 | 2026-06-17 |