124 matches found
CVE-2026-49767 WordPress wpForo Forum plugin <= 3.1.0 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...
CVE-2026-49769
CVE-2026-49769 describes an unauthenticated PHP Object Injection flaw in the WordPress plugin wpForo Forum, versions up to 3.1.0. The vulnerability is caused by insecure object deserialization in the plugin and is exploitable without authentication, potentially impacting confidentiality, integrit...
CVE-2026-40767 WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...
CVE-2026-40767 WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...
CVE-2026-42682 WordPress wpForo Forum plugin <= 3.0.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6...
WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dahmani Toumi pegaSUS in WordPress Plugin wpForo Forum versions 3.0.2...
CVE-2026-4666
The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of extract$args, EXTROVERWRITE on user-controlled input in the edit method of classes/Posts.php in all versions up to, and including, 2.4.16. The postedit action handler in Actions.php passes...
EUVD-2026-21676
The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topicadd and topicedit action handlers accept arbitrary user-supplied data arrays from $REQUEST and store them as postmeta without...
CVE-2026-5809
The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topicadd and topicedit action handlers accept arbitrary user-supplied data arrays from $REQUEST and store them as postmeta without...
PT-2026-30347
Name of the Vulnerable Software and Affected Versions wpForo Forum plugin for WordPress versions up to and including 2.4.16 Description The wpForo Forum plugin for WordPress is susceptible to arbitrary file deletion due to a missing file name/path validation against path traversal sequences...
CVE-2026-28559
wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status WHERE clauses that...
WordPress plugin wpForo Forum 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2018-25132
CVE-2018-25132 affects the MyBB Trending Widget Plugin 1.2. The vulnerability is a cross-site scripting (XSS) flaw that lets an attacker inject malicious scripts via thread titles. These payloads execute when other users view the trending widget. The provided documents consistently describe the i...
CVE-2025-66070
CVE-2025-66070 is a real vulnerability affecting the WordPress plugin wpForo Forum (versions <= 2.4.10). The issue is described as a Missing Authorization / Broken Access Control vulnerability that allows exploitation through improperly configured access control levels. The CVSSv3.1 base score...
EUVD-2025-203280
The wpForo Forum plugin for WordPress is vulnerable to generic SQL Injection via the postargs and topicargs parameters in all versions up to, and including, 2.4.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes ...
WordPress wpForo Forum plugin <= 2.4.9 - Authenticated (Susbscriber+) SQL Injection vulnerability
Authenticated Susbscriber+ SQL Injection vulnerability discovered by YCInfosec in WordPress Plugin wpForo Forum versions = 2.4.9...
EUVD-2025-35923
The The Discussion Board – WordPress Forum Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.5.5. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. Th...
EUVD-2021-12811
Malware in sbrugna...
EUVD-2013-0747
Malware in sbrugna...
EUVD-2013-0746
Malware in sbrugna...