7068 matches found
wpForo Forum <= 2.4.14 - SQL Injection
wpForo Forum WordPress plugin <= 2.4.14 contains a time-based SQL injection caused by insufficient escaping of the 'wpfob' parameter, letting unauthenticated attackers extract sensitive database information. id: CVE-2026-1581 info: name: wpForo Forum <= 2.4.14 - SQL Injection author: Shivam Kamboj...
wpForo Forum <= 2.1.8 - Cross-Site Scripting
The wpForo Forum plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpforodebug’ function in versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WordPress wpForo Forum < 1.9.7 - Open Redirect
WordPress wpForo Forum < 1.9.7 is susceptible to an open redirect vulnerability because the plugin did not validate the redirectto parameter in the login form of the forum, leading to an open redirect issue after a successful login. id: CVE-2021-24406 info: name: WordPress wpForo Forum < 1.9.7 - Open...
Orange Forum 1.4.0 - Open Redirect
Orange Forum 1.4.0 contains an open redirect vulnerability in views/auth.go via the next parameter to /login or /signup. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-14474 info: nam...
WordPress Asgaros Forum <1.15.13 - SQL Injection
WordPress Asgaros Forum plugin before 1.15.13 is susceptible to SQL injection. The plugin does not validate and escape user input when subscribing to a topic before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...
EUVD-2026-37882
UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing. Because vendor contact attempts were...
EUVD-2026-37623
Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions...
CVE-2026-49767
Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions...
CVE-2026-49767 WordPress wpForo Forum plugin <= 3.1.0 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions...
EUVD-2026-36977
Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions...
CVE-2026-49769
Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions...
CVE-2026-40798
Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 versions...
CVE-2026-40767
Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions...
EUVD-2026-36892
Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions...
CVE-2026-49769
CVE-2026-49769 describes an unauthenticated PHP Object Injection flaw in the WordPress plugin wpForo Forum, versions up to 3.1.0. The vulnerability is caused by insecure object deserialization in the plugin and is exploitable without authentication, potentially impacting confidentiality, integrit...
CVE-2026-49769 WordPress wpForo Forum plugin <= 3.1.0 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions...
CVE-2026-40798
WPForo Forum plugin for WordPress <= 3.0.4 is affected by an unauthenticated SQL injection vulnerability. The CVE entry cites unauthenticated SQL Injection in wpForo Forum <= 3.0.4, with CVSSv3.1 base score 9.3 (CRITICAL) and impact TIC: Confidentiality High, Availability Low, no privileges...
CVE-2026-40798 WordPress wpForo Forum plugin <= 3.0.4 - SQL Injection vulnerability
Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 versions...
EUVD-2026-36807
Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 versions...
CVE-2026-40767 WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions...