Lucene search
+L

55 matches found

Cvelist
Cvelist
added 2024/12/06 8:24 a.m.22 views

CVE-2024-10879 ForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting

The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to...

6.1CVSS0.00387EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/12/06 12:0 a.m.6 views

WordPress plugin ForumWP 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...

6.1CVSS7.7AI score0.0034EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/12/06 12:0 a.m.7 views

PT-2024-16822 · WordPress · Forumwp

Name of the Vulnerable Software and Affected Versions: ForumWP – Forum & Discussion Board plugin for WordPress versions up to, and including, 2.1.2 Description: The issue is related to Reflected Cross-Site Scripting via the url parameter due to insufficient input sanitization and output escaping...

6.1CVSS6.8AI score0.0034EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/12/06 12:0 a.m.8 views

PT-2024-16612 · WordPress · Forumwp

Name of the Vulnerable Software and Affected Versions: ForumWP – Forum & Discussion Board plugin for WordPress versions up to, and including, 2.1.2 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg and remove query arg without appropriate escaping...

6.1CVSS6.8AI score0.00387EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/12/06 12:0 a.m.6 views

WordPress plugin ForumWP 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin...

6.1CVSS7.6AI score0.00387EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/12/05 10:34 p.m.6 views

WordPress ForumWP plugin <= 2.1.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin ForumWP versions = 2.1.2...

6.1CVSS6.3AI score0.00387EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/09/06 2:15 p.m.8 views

CVE-2024-8428

The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submitformhandler due to missing validation on the 'userid' user controlled key. This makes it possible...

8.8CVSS5.8AI score0.00485EPSS
Exploits0References2
NVD
NVD
added 2024/09/06 2:15 p.m.20 views

CVE-2024-8428

The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submitformhandler due to missing validation on the 'userid' user controlled key. This makes it possible...

8.8CVSS0.00485EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/09/06 1:55 p.m.29 views

CVE-2024-8428 ForumWP – Forum & Discussion Board Plugin <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover

The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submitformhandler due to missing validation on the 'userid' user controlled key. This makes it possible...

8.8CVSS0.00485EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/09/06 1:55 p.m.16 views

CVE-2024-8428 ForumWP – Forum & Discussion Board Plugin <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover

The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submitformhandler due to missing validation on the 'userid' user controlled key. This makes it possible...

8.8CVSS7AI score0.00485EPSS
Exploits0References3
CVE
CVE
added 2024/09/06 1:55 p.m.52 views

CVE-2024-8428

Summary (CVE-2024-8428) : The ForumWP – Forum & Discussion Board Plugin for WordPress (

8.8CVSS8.7AI score0.00485EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/09/06 2:54 a.m.6 views

WordPress ForumWP plugin <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Privilege Escalation via Account Takeover vulnerability discovered by wesley wcraft in WordPress Plugin ForumWP versions = 2.0.2...

8.8CVSS7AI score0.00485EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/09/06 12:0 a.m.4 views

WordPress plugin ForumWP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

8.8CVSS6.5AI score0.00485EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/09/06 12:0 a.m.12 views

WordPress ForumWP Plugin <= 2.0.2 is vulnerable to Privilege Escalation

Software ForumWP Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.1.0 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-8428 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 04472abbfa0c Credits wesley wcraft...

8.8CVSS9AI score0.00485EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/06 12:0 a.m.7 views

PT-2024-39005 · WordPress · Forumwp

Name of the Vulnerable Software and Affected Versions: The ForumWP – Forum & Discussion Board Plugin plugin for WordPress versions up to, and including, 2.0.2 Description: The issue is related to Privilege Escalation via Insecure Direct Object Reference. This is due to missing validation on the...

8.8CVSS7.5AI score0.00485EPSS
Exploits0References12
Rows per page
Query Builder