12 matches found
EUVD-2026-9105
wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split any forum topic via the topicmove, topicmerge, and topicsplit form action handlers. Attackers with a valid form nonce can reorganize arbitrary forum content without...
EUVD-2026-9103
wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to approve or unapprove any forum post via the wpforoapproveajax AJAX handler. Attackers exploit the nonce-only check by submitting a valid nonce with an arbitrary post ID to bypass moderation...
EUVD-2026-9107
wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows authenticated subscribers to upload SVG files as profile avatars through the avatar upload functionality. Attackers upload a crafted SVG containing CSS injection or JavaScript event handlers that execute in the...
PT-2025-38718
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Discussion Forum version 1.0 Description: A flaw exists in itsourcecode Online Discussion Forum that could allow for remote code execution. The issue is related to a SQL injection impacting an unknown function within the...
CVE-2024-5518
A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file changeprofilepicture.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit ha...
PT-2023-23365 · Unknown · Sourcecodester Online Discussion Forum Site
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Discussion Forum Site version 1.0 Description: A critical issue has been found in the software, affecting an unknown functionality of the file postsmanage post.php. The manipulation of the id argument leads to SQL...
CVE-2022-35921
fof/byobu is a private discussions extension for Flarum forum. Affected versions were found to not respect private discussion disablement by users. Users of Byobu should update the extension to version 1.1.7, where this has been patched. Users of Byobu with Flarum 1.0 or 1.1 should upgrade to...
WordPress Mingle Forum 1.0.33 Cross Site Scripting
Hi We have used our tool, THAPS, to identify vulnerabilities in this WordPress plugin. We have confirmed at least one of the reported vulnerabilities and created a working exploit located below. Attached is one or more log files containing the output of our tool, identifying the location of the...
Simple Machines Forum Multiple Vulnerabilities
This host has Simple Machines Forum installed which is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbsimplemachinesforummultvulnapr09.nasl 4869 2016-12-29 11:01:45Z teissa $ Simple Machines Forum Multiple Vulnerabilities. Authors: Nikita MR Copyright: Copyright (c) 2009...
Simple Forum Version 1.10-1.11 SQL Injection
Simple Forum Version 1.10-1.11 SQL Injection AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAL : [email protected] Simple Forum - Version 1.10 Simple Forum - Version 1.10 - 2.1.3 Simple Forum - Version 1.11 EXPLAN= sametimes password and username in error massege for...
GL-SH Deaf Forum 6.4.4 - Local File Inclusion
GL-SH Deaf Forum 6.4.4 - Local File Inclusion GL-SH Deaf Board Version = 6.4.4 local file inclusion download: http://www.frank-karau.de/download/Deafforumversion6.4.3.zip found by: Katatafish [email protected] google dork:"2005 www.frank-karau.de" | "2006 www.frank-karau.de" exploit:...
iyzi Forum <= 1.0 Beta 3 (uye_ayrinti.asp) Remote SQL Injection
Exploit for unknown platform in category web applications. iyzi Forum <= 1.0 Beta 3 (uye_ayrinti.asp) Remote SQL Injection...