CVE-2026-5809

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topicadd and topicedit action handlers accept arbitrary user-supplied data arrays from $REQUEST and store them as postmeta without...

PT-2023-29438 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.1 Discourse versions prior to 3.2.0.beta2 Description: Discourse is an open source community platform. In affected versions, any user can create a topic and add arbitrary custom fields to a topic. The severity ...