wpForo Forum <= 2.4.14 - SQL Injection

wpForo Forum WordPress plugin = 2.4.14 contains a time-based SQL injection caused by insufficient escaping of the 'wpfob' parameter, letting unauthenticated attackers extract sensitive database information. id: CVE-2026-1581 info: name: wpForo Forum = 2.4.14 - SQL Injection author: Shivam Kamboj...

wpForo Forum <= 2.1.8 - Cross-Site Scripting

The wpForo Forum plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpforodebug’ function in versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

WordPress wpForo Forum < 1.9.7 - Open Redirect

WordPress wpForo Forum 1.9.7 is susceptible to an open redirect vulnerability because the plugin did not validate the redirectto parameter in the login form of the forum, leading to an open redirect issue after a successful login. id: CVE-2021-24406 info: name: WordPress wpForo Forum 1.9.7 - Open...

EUVD-2026-36977

Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...

CVE-2026-49769

Unauthenticated PHP Object Injection in wpForo Forum = 3.1.0 versions...

CVE-2026-40798

Unauthenticated SQL Injection in wpForo Forum = 3.0.4 versions...

CVE-2026-40767

Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...

CVE-2026-49769 WordPress wpForo Forum plugin <= 3.1.0 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in wpForo Forum = 3.1.0 versions...

EUVD-2026-36807

Unauthenticated SQL Injection in wpForo Forum = 3.0.4 versions...

CVE-2026-40798

WPForo Forum plugin for WordPress &lt;= 3.0.4 is affected by an unauthenticated SQL injection vulnerability. The CVE entry cites unauthenticated SQL Injection in wpForo Forum &lt;= 3.0.4, with CVSSv3.1 base score 9.3 (CRITICAL) and impact TIC: Confidentiality High, Availability Low, no privileges...

CVE-2026-40798 WordPress wpForo Forum plugin <= 3.0.4 - SQL Injection vulnerability

Unauthenticated SQL Injection in wpForo Forum = 3.0.4 versions...

CVE-2026-40767

The CVE concerns WordPress wpForo Forum plugin, affected versions before 3.0.2, showing Unauthenticated Broken Access Control. The description indicates unauthenticated access via a network vector with no user interaction, affecting confidentiality (high) while other impacts are not noted. CVSSv3...

CVE-2026-40767 WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...

PT-2026-49412

Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...

PT-2026-49515

Unauthenticated PHP Object Injection in wpForo Forum = 3.1.0 versions...

PT-2026-49434

Unauthenticated SQL Injection in wpForo Forum = 3.0.4 versions...

CVE-2026-42682

Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6...

WordPress wpForo Forum plugin <= 3.1.0 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Jakub Herman in WordPress Plugin wpForo Forum versions = 3.1.0...

WordPress wpForo Forum plugin <= 3.1.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin wpForo Forum versions = 3.1.0...

CVE-2026-42682

Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6...