55 matches found
CVE-2024-10879 ForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting
The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to...
WordPress plugin ForumWP 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
PT-2024-16822 · WordPress · Forumwp
Name of the Vulnerable Software and Affected Versions: ForumWP – Forum & Discussion Board plugin for WordPress versions up to, and including, 2.1.2 Description: The issue is related to Reflected Cross-Site Scripting via the url parameter due to insufficient input sanitization and output escaping...
PT-2024-16612 · WordPress · Forumwp
Name of the Vulnerable Software and Affected Versions: ForumWP – Forum & Discussion Board plugin for WordPress versions up to, and including, 2.1.2 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg and remove query arg without appropriate escaping...
WordPress plugin ForumWP 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin...
WordPress ForumWP plugin <= 2.1.2 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin ForumWP versions = 2.1.2...
CVE-2024-8428
The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submitformhandler due to missing validation on the 'userid' user controlled key. This makes it possible...
CVE-2024-8428
The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submitformhandler due to missing validation on the 'userid' user controlled key. This makes it possible...
CVE-2024-8428 ForumWP – Forum & Discussion Board Plugin <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover
The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submitformhandler due to missing validation on the 'userid' user controlled key. This makes it possible...
CVE-2024-8428 ForumWP – Forum & Discussion Board Plugin <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover
The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submitformhandler due to missing validation on the 'userid' user controlled key. This makes it possible...
CVE-2024-8428
Summary (CVE-2024-8428) : The ForumWP – Forum & Discussion Board Plugin for WordPress (
WordPress ForumWP plugin <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover vulnerability
Insecure Direct Object Reference to Authenticated Subscriber+ Privilege Escalation via Account Takeover vulnerability discovered by wesley wcraft in WordPress Plugin ForumWP versions = 2.0.2...
WordPress plugin ForumWP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress ForumWP Plugin <= 2.0.2 is vulnerable to Privilege Escalation
Software ForumWP Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.1.0 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-8428 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 04472abbfa0c Credits wesley wcraft...
PT-2024-39005 · WordPress · Forumwp
Name of the Vulnerable Software and Affected Versions: The ForumWP – Forum & Discussion Board Plugin plugin for WordPress versions up to, and including, 2.0.2 Description: The issue is related to Privilege Escalation via Insecure Direct Object Reference. This is due to missing validation on the...