Lucene search
+L

323 matches found

Nuclei
Nuclei
added 15 hours ago41 views

wpForo Forum <= 2.4.14 - SQL Injection

wpForo Forum WordPress plugin = 2.4.14 contains a time-based SQL injection caused by insufficient escaping of the 'wpfob' parameter, letting unauthenticated attackers extract sensitive database information. id: CVE-2026-1581 info: name: wpForo Forum = 2.4.14 - SQL Injection author: Shivam Kamboj...

7.5CVSS5.6AI score0.01727EPSS
Exploits1References2
Nuclei
Nuclei
added 15 hours ago45 views

WordPress wpForo Forum < 1.9.7 - Open Redirect

WordPress wpForo Forum 1.9.7 is susceptible to an open redirect vulnerability because the plugin did not validate the redirectto parameter in the login form of the forum, leading to an open redirect issue after a successful login. id: CVE-2021-24406 info: name: WordPress wpForo Forum 1.9.7 - Open...

6.1CVSS6.2AI score0.03379EPSS
Exploits2References4
Nuclei
Nuclei
added 15 hours ago77 views

wpForo Forum <= 2.1.8 - Cross-Site Scripting

The wpForo Forum plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpforodebug’ function in versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS7.3AI score0.00845EPSS
Exploits1References4
NVD
NVD
added yesterday12 views

CVE-2026-15021

The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'location' Profile Field in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access...

6.4CVSS0.00206EPSS
Exploits0References8
Cvelist
Cvelist
added yesterday32 views

CVE-2026-15021 wpForo Forum <= 3.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'location' Profile Field

The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'location' Profile Field in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access...

6.4CVSS0.00206EPSS
Exploits0References8
CVE
CVE
added yesterday21 views

CVE-2026-15021

The wpForo Forum plugin for WordPress is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the 'location' Profile Field across all versions up to 3.1.1. The issue stems from insufficient input sanitization and output escaping; sanitize_text_field() at input does not encode double q...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References8
Patchstack
Patchstack
added yesterday7 views

WordPress wpForo Forum plugin <= 3.1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by valent1 in WordPress Plugin wpForo Forum versions = 3.1.1...

6.4CVSS6.1AI score0.00206EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/26 3:16 p.m.11 views

CVE-2026-57636

Contributor SQL Injection in wpForo Forum = 3.0.9 versions...

8.5CVSS0.00211EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 2:53 p.m.7 views

CVE-2026-57636

Contributor SQL Injection in wpForo Forum = 3.0.9 versions...

8.5CVSS5.8AI score0.00211EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 2:53 p.m.22 views

CVE-2026-57636

CVE-2026-57636 describes a Contributor SQL Injection in the WordPress wpForo Forum plugin (versions ≤ 3.0.9). Affected will be the wpForo Forum component; root cause is unsafe SQL query construction that enables SQL injection. Impact per the entry’s metrics is high: CVSS 3.1 base score 8.5, Confi...

8.5CVSS5.8AI score0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.35 views

CVE-2026-57636 WordPress wpForo Forum plugin <= 3.0.9 - SQL Injection vulnerability

Contributor SQL Injection in wpForo Forum = 3.0.9 versions...

8.5CVSS0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.7 views

EUVD-2026-39752

Contributor SQL Injection in wpForo Forum = 3.0.9 versions...

8.5CVSS5.8AI score0.00211EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 12:31 p.m.8 views

WordPress wpForo Forum plugin <= 3.0.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin wpForo Forum versions = 3.0.9...

8.5CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/17 6:35 p.m.13 views

EUVD-2026-37623

Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...

9.8CVSS5.2AI score0.00548EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.12 views

CVE-2026-49767

Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...

9.8CVSS0.00548EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:51 a.m.31 views

CVE-2026-49767 WordPress wpForo Forum plugin <= 3.1.0 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...

9.8CVSS0.00548EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 9:30 p.m.12 views

EUVD-2026-36977

Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...

7.5CVSS5.1AI score0.00287EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:17 p.m.14 views

CVE-2026-49769

Unauthenticated PHP Object Injection in wpForo Forum = 3.1.0 versions...

9.8CVSS0.00383EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.10 views

CVE-2026-40798

Unauthenticated SQL Injection in wpForo Forum = 3.0.4 versions...

9.3CVSS0.00283EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.7 views

CVE-2026-40767

Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...

7.5CVSS0.00287EPSS
Exploits0References1
Rows per page
Query Builder