Shodan
Vulnerabilities
Vulnerable Software
Ari-Soft:  Security Vulnerabilities
CVE-2019-25215
The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. This makes it possible for unauthenticated attackers to call the files directly and perform a wide variety of unauthorized actions such as accessing a site's database and making changes.
CVSS Score
7.3
EPSS Score
0.0
Published
2024-10-16
CVE-2023-51487
Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft ARI Stream Quiz.This issue affects ARI Stream Quiz: from n/a through 1.2.32.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-03-16
CVE-2024-24884
Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft Contact Form 7 Connector.This issue affects Contact Form 7 Connector: from n/a through 1.2.2.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-02-12
CVE-2024-0239
The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-01-16
CVE-2023-52182
Deserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder.This issue affects ARI Stream Quiz – WordPress Quizzes Builder: from n/a through 1.3.0.
CVSS Score
9.9
EPSS Score
0.004
Published
2023-12-31
CVE-2023-47835
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder plugin <= 1.2.32 versions.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-11-23
CVE-2022-0161
The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
CVSS Score
6.1
EPSS Score
0.002
Published
2022-03-14
CVE-2020-19156
Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save()' function is called.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-09-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved