CVE-2024-32705

HIGH EXPLOITED

ARForms <= 6.4 - Unauthenticated Arbitrary Plugin Activation and Deactivation

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2024-32705 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4.

Scores

CVSS v3 7.1
EPSS 0.0038
EPSS Percentile 30.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2024-04-22
CWE
CWE-862
Status published
Products (2)
reputeinfosystems/ARForms < 6.4
reputeinfosystems/arforms < 6.4.1
Published Jun 09, 2024
Tracked Since Feb 18, 2026