122 matches found
WordPress Asgaros Forum <1.15.13 - SQL Injection
WordPress Asgaros Forum plugin before 1.15.13 is susceptible to SQL injection. The plugin does not validate and escape user input when subscribing to a topic before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...
CVE-2022-0411
The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the postid parameter before using it in a SQL statement via a REST route of the plugin accessible to any authenticated user, leading to a SQL injection...
WordPress Asgaros Forum plugin cross-site request forgery vulnerability
WordPress Asgaros Forum plugin is a lightweight forum plugin designed for WordPress that supports the rapid creation and management of forum pages, providing basic posting, replying, user management and other functions. The WordPress Asgaros Forum plugin suffers from a cross-site request forgery...
CVE-2025-12901
The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing nonce validation on the set_subscription_level function. This makes it possible for unauthenticated attackers to modify the subscription settings of...
EUVD-2025-119996
The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing nonce validation on the set_subscription_level function. This makes it possible for unauthenticated attackers to modify the subscription settings of...
CVE-2025-12901 Asgaros Forum <= 3.2.1 - Cross-Site Request Forgery to Subscription Settings Update
The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing nonce validation on the set_subscription_level function. This makes it possible for unauthenticated attackers to modify the subscription settings of...
CVE-2025-12901
The CVE-2025-12901 entry concerns the WordPress plugin Asgaros Forum. Reports across multiple sources confirm a Cross-Site Request Forgery (CSRF) vulnerability in all versions up to 3.2.1 caused by missing nonce validation in the set_subscription_level() function, enabling unauthenticated attacke...
WordPress Asgaros Forum plugin <= 3.2.1 - Cross-Site Request Forgery to Subscription Settings Update vulnerability
Cross-Site Request Forgery to Subscription Settings Update vulnerability discovered by Brian Mungai in WordPress Plugin Asgaros Forum versions <= 3.2.1...
WordPress plugin Asgaros Forum cross-site request forgery vulnerability
WordPress Asgaros Forum plugin is a lightweight forum plugin designed for WordPress that supports the rapid creation and management of forum pages, providing basic posting, replying, user management and other functions. The WordPress Asgaros Forum plugin suffers from a cross-site request forgery...
WordPress Asgaros Forum plugin SQL Injection Vulnerability
WordPress Asgaros Forum plugin is a lightweight forum plugin designed specifically for WordPress to support the rapid creation and management of forum pages, providing basic posting, replying, user management and other functions. WordPress Asgaros Forum plugin suffers from a SQL injection...
WordPress Asgaros Forum plugin <= 3.1.0 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Asgaros Forum versions <= 3.1.0...
CVE-2025-11452
The Asgaros Forum plugin for WordPress is vulnerable to SQL Injection via the '$_COOKIE['asgarosforum_unread_exclude']' cookie in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...
EUVD-2025-38344
The Asgaros Forum plugin for WordPress is vulnerable to SQL Injection via the '$_COOKIE['asgarosforum_unread_exclude']' cookie in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...
CVE-2025-11452 Asgaros Forum <= 3.1.0 - Unauthenticated SQL Injection
The Asgaros Forum plugin for WordPress is vulnerable to SQL Injection via the '$_COOKIE['asgarosforum_unread_exclude']' cookie in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...
CVE-2025-11452
CVE-2025-11452 affects the WordPress plugin Asgaros Forum. It is vulnerable to SQL Injection via the cookie named asgarosforum_unread_exclude in all versions up to and including 3.1.0, caused by insufficient escaping of the user-supplied parameter and inadequate preparation of the existing S...