EUVD-2025-203280

The wpForo Forum plugin for WordPress is vulnerable to generic SQL Injection via the postargs and topicargs parameters in all versions up to, and including, 2.4.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes ...

CVE-2025-13126

The CVE-2025-13126 entry concerns the wpForo Forum plugin for WordPress. It is an unauthenticated SQL Injection vulnerability disclosed for all versions up to 2.4.12, caused by insufficient escaping of post_args and topic_args in existing SQL queries, enabling an attacker to append additional SQL...

WordPress plugin wpForo Forum SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugi...

PT-2025-51145

Name of the Vulnerable Software and Affected Versions wpForo Forum plugin for WordPress versions prior to 2.4.13 Description The wpForo Forum plugin for WordPress is susceptible to SQL Injection. Insufficient input sanitization on user-supplied parameters and inadequate SQL query preparation allo...

Cross site scripting

Cross-site scripting XSS vulnerability in Simple Machines Forum SMF 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via 1 Itemid or 2 topic arguments...

CVE-2008-0284

Cross-site scripting XSS vulnerability in Simple Machines Forum SMF 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via 1 Itemid or 2 topic arguments...