Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Reputeinfosystems — Vulnerabilities & Security Advisories 36

Browse all 36 CVE security advisories affecting Reputeinfosystems. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Reputeinfosystems operates as a provider of enterprise software solutions, primarily focusing on identity and access management platforms. An analysis of its public vulnerability history reveals a concerning pattern of thirty-six recorded Common Vulnerabilities and Exposures (CVEs). These security flaws predominantly stem from inadequate input validation and improper access controls, resulting in frequent instances of Remote Code Execution (RCE) and Cross-Site Scripting (XSS). Additionally, several entries highlight critical privilege escalation risks, allowing unauthorized users to gain administrative rights within the system. While specific major public breaches are not widely documented in open sources, the high volume of RCE vulnerabilities suggests systemic weaknesses in the software’s security architecture. This track record indicates that Reputeinfosystems products have historically struggled with fundamental secure coding practices, posing significant risks to organizations relying on their identity management infrastructure without rigorous patching and network segmentation.

Top products by Reputeinfosystems: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress ARForms ARPrice Contact Form, Survey, Quiz & Popup Form Builder – ARForms BookingPress Social Share And Social Locker ARMember ARForms Form Builder
CVE IDTitleCVSSSeverityPublished
CVE-2026-7649 ARMember <= 4.0.60 - Unauthenticated SQL Injection via 'orderby' Parameter — ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signupCWE-89 7.5 High2026-05-02
CVE-2024-13785 Contact Form, Survey, Quiz & Popup Form Builder – ARForms <= 1.7.2 - Unauthenticated Blind Arbitrary Shortcode Execution — Contact Form, Survey, Quiz & Popup Form Builder – ARFormsCWE-94 5.6 Medium2026-03-21
CVE-2025-31911 WordPress Social Share And Social Locker plugin <= 1.4.2 - SQL Injection vulnerability — Social Share And Social LockerCWE-89 9.3 Critical2025-04-03
CVE-2025-31902 WordPress Social Share And Social Locker Plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability — Social Share And Social LockerCWE-79 7.1 High2025-04-03
CVE-2025-31910 WordPress BookingPress plugin <= 1.1.28 - SQL Injection vulnerability — BookingPressCWE-89 7.6 High2025-04-01
CVE-2025-26731 WordPress ARPrice plugin <= 4.1.3 - Cross Site Scripting (XSS) vulnerability — ARPriceCWE-79 6.5 Medium2025-03-27
CVE-2025-24732 WordPress BookingPress Plugin <= 1.1.25 - Cross Site Scripting (XSS) vulnerability — BookingPressCWE-79 6.5 Medium2025-01-24
CVE-2024-49655 WordPress ARPrice plugin <= 4.1.3 - Unauthenticated SQL Injection vulnerability — ARPriceCWE-89 9.3 Critical2025-01-21
CVE-2024-49700 WordPress ARPrice plugin <= 4.1.3 - Reflected Cross Site Scripting (XSS) vulnerability — ARPriceCWE-79 7.1 High2025-01-21
CVE-2024-49688 WordPress ARPrice plugin <= 4.1.3 - Unauthenticated PHP Object Injection vulnerability — ARPriceCWE-502 9.8 Critical2025-01-21
CVE-2024-49699 WordPress ARPrice plugin <= 4.1.3 - PHP Object Injection vulnerability — ARPriceCWE-502 8.8 High2025-01-21
CVE-2024-49666 WordPress ARPrice plugin <= 4.1.3 - SQL Injection vulnerability — ARPriceCWE-89 8.5 High2025-01-21
CVE-2024-11726 Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.21 - Authenticated (Contributor+) SQL Injection — Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPressCWE-89 6.5 Medium2024-12-24
CVE-2024-54217 WordPress ARForms plugin <= 6.4.1 - Subscriber+ Plugin Settings Change vulnerability — ARFormsCWE-862 5.4 Medium2024-12-09
CVE-2024-54223 WordPress ARForms plugin <= 1.7.1 - HTML Injection vulnerability — ARForms Form BuilderCWE-80 5.3 Medium2024-12-09
CVE-2024-54216 WordPress ARForms plugin <= 6.4.1 - Subscriber+ Arbitrary File Read vulnerability — ARFormsCWE-35 7.7 High2024-12-06
CVE-2024-10681 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution — ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signupCWE-94 6.3 Medium2024-12-06
CVE-2024-10540 Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.16 - Authenticated (Subscriber+) SQL Injection — Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPressCWE-89 5.3 Medium2024-11-02
CVE-2024-7703 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.37 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload — ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signupCWE-79 6.4 Medium2024-08-17
CVE-2024-7350 Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress 1.1.6 - 1.1.7 - Authentication Bypass to Account Takeover — Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPressCWE-288 9.8 Critical2024-08-08
CVE-2024-6467 BookingPress Appointment Booking <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Read to Arbitrary File Creation — Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPressCWE-73 8.8 High2024-07-17
CVE-2024-6660 BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Arbitrary File Upload — Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPressCWE-280 8.8 High2024-07-17
CVE-2024-32703 WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary File Deletion vulnerability — ARFormsCWE-22 7.7 High2024-06-09
CVE-2024-32704 WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary WordPress Options Removal vulnerability — ARFormsCWE-862 7.1 High2024-06-09
CVE-2024-32705 WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary Plugin Activation/Deactivation Vulnerability — ARFormsCWE-862 7.1 High2024-06-09
CVE-2024-4133 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.30 - Open Redirect — ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signupCWE-601 6.1 Medium2024-05-02
CVE-2024-1945 ARForms Form Builder <= 1.6.4 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Option Deletion — Contact Form, Survey, Quiz & Popup Form Builder – ARFormsCWE-862 7.1 High2024-05-02
CVE-2024-32702 WordPress ARForms plugin <= 6.4 - Reflected Cross Site Scripting (XSS) vulnerability — ARFormsCWE-79 7.1 High2024-04-24
CVE-2024-32706 WordPress ARForms plugin <= 6.4 - Subscriber+ SQL Injection vulnerability — ARFormsCWE-89 8.5 High2024-04-24
CVE-2024-3022 BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.87 - Authenticated (Admin+) Arbitrary File Upload — Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPressCWE-434 7.2 High2024-04-04

This page lists every published CVE security advisory associated with Reputeinfosystems. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.