CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

120 matches found

CVE-2026-42682 WordPress wpForo Forum plugin <= 3.0.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6...

9.1CVSS5.8AI score0.00039EPSS

Exploits0References1

Patchstack•added 2026/04/21 9:51 a.m.•1 views

WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dahmani Toumi pegaSUS in WordPress Plugin wpForo Forum versions 3.0.2...

5.8AI score

Exploits0Affected Software1

RedhatCVE•added 2026/04/20 7:23 p.m.•3 views

CVE-2026-4666

The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of extract$args, EXTROVERWRITE on user-controlled input in the edit method of classes/Posts.php in all versions up to, and including, 2.4.16. The postedit action handler in Actions.php passes...

6.5CVSS5.7AI score0.00015EPSS

Exploits0References1

EUVD•added 2026/04/11 9:30 a.m.•1 views

EUVD-2026-21676

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topicadd and topicedit action handlers accept arbitrary user-supplied data arrays from $REQUEST and store them as postmeta without...

7.1CVSS5.9AI score0.00044EPSS

Exploits0References10

NVD•added 2026/04/11 8:16 a.m.•0 views

CVE-2026-5809

7.1CVSS0.00044EPSS

Exploits0References9

Positive Technologies•added 2026/04/04 12:0 a.m.•1 views

PT-2026-30347

Name of the Vulnerable Software and Affected Versions wpForo Forum plugin for WordPress versions up to and including 2.4.16 Description The wpForo Forum plugin for WordPress is susceptible to arbitrary file deletion due to a missing file name/path validation against path traversal sequences...

8.8CVSS6AI score0.00038EPSS

Exploits0References9

OSV•added 2026/02/28 10:16 p.m.•0 views

CVE-2026-28559

wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status WHERE clauses that...

5.3CVSS5.8AI score

Exploits0References3

CNNVD•added 2026/02/28 12:0 a.m.•3 views

WordPress plugin wpForo Forum 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS5.8AI score0.00037EPSS

Exploits0References3

CVE•added 2026/01/23 4:47 p.m.•6 views

CVE-2018-25132

CVE-2018-25132 affects the MyBB Trending Widget Plugin 1.2. The vulnerability is a cross-site scripting (XSS) flaw that lets an attacker inject malicious scripts via thread titles. These payloads execute when other users view the trending widget. The provided documents consistently describe the i...

6.1CVSS5.2AI score0.00044EPSS

Exploits1References3Affected Software1

CVE•added 2025/12/18 7:22 a.m.•6 views

CVE-2025-66070

CVE-2025-66070 is a real vulnerability affecting the WordPress plugin wpForo Forum (versions <= 2.4.10). The issue is described as a Missing Authorization / Broken Access Control vulnerability that allows exploitation through improperly configured access control levels. The CVSSv3.1 base score...

7.5CVSS6.6AI score0.00043EPSS

Exploits0References1

EUVD•added 2025/12/14 6:30 a.m.•2 views

EUVD-2025-203280

The wpForo Forum plugin for WordPress is vulnerable to generic SQL Injection via the postargs and topicargs parameters in all versions up to, and including, 2.4.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes ...

7.5CVSS6.3AI score0.00124EPSS

Exploits0References6

Patchstack•added 2025/11/03 10:29 p.m.•5 views

WordPress wpForo Forum plugin <= 2.4.9 - Authenticated (Susbscriber+) SQL Injection vulnerability

Authenticated Susbscriber+ SQL Injection vulnerability discovered by YCInfosec in WordPress Plugin wpForo Forum versions = 2.4.9...

6.5CVSS7.8AI score0.00032EPSS

Exploits0References1Affected Software1

EUVD•added 2025/10/25 9:32 a.m.•2 views

EUVD-2025-35923

The The Discussion Board – WordPress Forum Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.5.5. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. Th...

6.3CVSS6AI score0.00104EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•0 views

EUVD-2008-3304

Malware in sbrugna...

4.3CVSS6.4AI score0.00475EPSS

Exploits0References7

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-12811

Malware in sbrugna...

6.1CVSS6.2AI score0.01511EPSS

Exploits0References4