2 matches found
CVE-2019-19110
The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter...
CVE-2019-19110
CVE-2019-19110 affects WordPress wpForo Forum plugin version 1.6.5, where a reflected XSS can be triggered via the admin page parameter wp-admin/admin.php?page=wpforo-phrases. The root cause cited across sources is lack of proper validation/escaping of the s parameter, enabling execution of clien...