Lucene search

K

WpForo Forum Security Vulnerabilities

cve
cve

CVE-2024-3200

The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up to, and including, 2.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

9.9CVSS

7.5AI Score

0.001EPSS

2024-06-01 09:15 AM
6
cve
cve

CVE-2023-47868

Improper Privilege Management vulnerability in wpForo wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a through...

7.3CVSS

6.9AI Score

0.0004EPSS

2024-05-17 09:15 AM
23
cve
cve

CVE-2023-47870

Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through...

8.8CVSS

8.9AI Score

0.001EPSS

2023-11-30 06:15 PM
14
cve
cve

CVE-2023-47872

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team wpForo Forum allows Stored XSS.This issue affects wpForo Forum: from n/a through...

6.5CVSS

5.8AI Score

0.0004EPSS

2023-11-30 05:15 PM
47
cve
cve

CVE-2023-2309

The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting...

6.1CVSS

6.3AI Score

0.0005EPSS

2023-07-24 11:15 AM
24
cve
cve

CVE-2023-2249

The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of file_get_contents without appropriate verification of the data being supplied to the...

8.8CVSS

9AI Score

0.011EPSS

2023-06-09 06:16 AM
50
cve
cve

CVE-2022-40206

Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as...

6.3CVSS

4.5AI Score

0.0005EPSS

2022-11-26 12:00 AM
34
2
cve
cve

CVE-2022-40200

Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on...

9.9CVSS

8.6AI Score

0.001EPSS

2022-11-17 11:15 PM
25
6
cve
cve

CVE-2022-40192

Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on...

8.8CVSS

8.8AI Score

0.001EPSS

2022-11-17 11:15 PM
26
4
cve
cve

CVE-2022-40632

Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic...

5.4CVSS

5.5AI Score

0.001EPSS

2022-11-08 07:15 PM
32
4
cve
cve

CVE-2022-40205

Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as...

5.4CVSS

4.5AI Score

0.001EPSS

2022-11-08 07:15 PM
37
2
cve
cve

CVE-2018-11709

wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the...

6.1CVSS

6AI Score

0.002EPSS

2022-10-03 04:21 PM
32
cve
cve

CVE-2022-38144

Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 at...

8.8CVSS

8.8AI Score

0.001EPSS

2022-09-09 03:15 PM
32
7
cve
cve

CVE-2021-24406

The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control.....

6.1CVSS

6.1AI Score

0.001EPSS

2021-07-06 11:15 AM
38
cve
cve

CVE-2018-16613

An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum is able to escalate privilege to the forum administrator without any form of user...

9.8CVSS

9.5AI Score

0.003EPSS

2019-06-19 06:15 PM
84
cve
cve

CVE-2018-11515

The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo...

9.8CVSS

9.9AI Score

0.003EPSS

2018-05-28 02:29 PM
20