88 matches found
WordPress wpForo Forum plugin <= 2.4.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter vulnerability discovered by Jared Reyes in WordPress Plugin wpForo Forum versions <= 2.4.16...
CVE-2026-4666 wpForo Forum <= 2.4.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter
The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of extract($args, EXTR_OVERWRITE) on user-controlled input in the edit method of classes/Posts.php in all versions up to, and including, 2.4.16. The postedit action handler in Actions.php passes...
CVE-2026-3666
CVE-2026-3666 affects wpForo Forum plugin for WordPress (all versions up to and including 2.4.16). The vulnerability arises from missing validation of file name/path against path traversal sequences, allowing authenticated users with subscriber level access and above to delete arbitrary files on ...
CVE-2026-3666
The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.4.16. This is due to a missing file name/path validation against path traversal sequences. This makes it possible for authenticated attackers, with subscriber level access and...
GHSA-G375-5WMP-XR78 Admidio is Missing Authorization on Forum Topic and Post Deletion
Summary: The forum module in Admidio does not verify whether the current user has permission to delete forum topics or posts. Both the topicdelete and postdelete actions in forum.php only validate the CSRF token but perform no authorization check before calling delete. Any authenticated user with...
WordPress plugin wpForo Forum security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-21626
Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure...
CVE-2026-21626 Extension - stackideas.com - Information disclosure in post custom fields in EasyDiscuss 1.0.0-5.0.15 for Joomla
Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure...
CVE-2026-21626
Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure...
EUVD-2026-5682
Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure...
CVE-2026-1009
A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing server-side input sanitization in forum post content. An authenticated attacker can inject arbitrary JavaScript into forum posts, which is stored and executed when other users view the affected post...
CVE-2026-1009 Stored Cross-Site Scripting in Altium Live Forum Leading to Cross-Customer Data Exposure
A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing server-side input sanitization in forum post content. An authenticated attacker can inject arbitrary JavaScript into forum posts, which is stored and executed when other users view the affected post...
EUVD-2009-2397
Malware in sbrugna...
EUVD-2006-2189
Malware in sbrugna...
EUVD-2006-5114
Malware in sbrugna...
EUVD-2009-0491
Malware in sbrugna...
EUVD-2006-5115
Malware in sbrugna...
EUVD-2008-0835
Malware in sbrugna...
EUVD-2021-19448
Malware in sbrugna...
EUVD-2006-6917
Malware in sbrugna...