323 matches found
wpForo Forum <= 2.4.14 - SQL Injection
wpForo Forum WordPress plugin = 2.4.14 contains a time-based SQL injection caused by insufficient escaping of the 'wpfob' parameter, letting unauthenticated attackers extract sensitive database information. id: CVE-2026-1581 info: name: wpForo Forum = 2.4.14 - SQL Injection author: Shivam Kamboj...
WordPress wpForo Forum < 1.9.7 - Open Redirect
WordPress wpForo Forum 1.9.7 is susceptible to an open redirect vulnerability because the plugin did not validate the redirectto parameter in the login form of the forum, leading to an open redirect issue after a successful login. id: CVE-2021-24406 info: name: WordPress wpForo Forum 1.9.7 - Open...
wpForo Forum <= 2.1.8 - Cross-Site Scripting
The wpForo Forum plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpforodebug’ function in versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2026-15021
The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'location' Profile Field in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access...
CVE-2026-15021 wpForo Forum <= 3.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'location' Profile Field
The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'location' Profile Field in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access...
CVE-2026-15021
The wpForo Forum plugin for WordPress is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the 'location' Profile Field across all versions up to 3.1.1. The issue stems from insufficient input sanitization and output escaping; sanitize_text_field() at input does not encode double q...
WordPress wpForo Forum plugin <= 3.1.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by valent1 in WordPress Plugin wpForo Forum versions = 3.1.1...
CVE-2026-57636
Contributor SQL Injection in wpForo Forum = 3.0.9 versions...
CVE-2026-57636
Contributor SQL Injection in wpForo Forum = 3.0.9 versions...
CVE-2026-57636
CVE-2026-57636 describes a Contributor SQL Injection in the WordPress wpForo Forum plugin (versions ≤ 3.0.9). Affected will be the wpForo Forum component; root cause is unsafe SQL query construction that enables SQL injection. Impact per the entry’s metrics is high: CVSS 3.1 base score 8.5, Confi...
CVE-2026-57636 WordPress wpForo Forum plugin <= 3.0.9 - SQL Injection vulnerability
Contributor SQL Injection in wpForo Forum = 3.0.9 versions...
EUVD-2026-39752
Contributor SQL Injection in wpForo Forum = 3.0.9 versions...
WordPress wpForo Forum plugin <= 3.0.9 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin wpForo Forum versions = 3.0.9...
EUVD-2026-37623
Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...
CVE-2026-49767
Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...
CVE-2026-49767 WordPress wpForo Forum plugin <= 3.1.0 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...
EUVD-2026-36977
Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...
CVE-2026-49769
Unauthenticated PHP Object Injection in wpForo Forum = 3.1.0 versions...
CVE-2026-40798
Unauthenticated SQL Injection in wpForo Forum = 3.0.4 versions...
CVE-2026-40767
Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...