EUVD-2025-35923

The The Discussion Board – WordPress Forum Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.5.5. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. Th...

CVE-2020-36706

The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0. This makes it possible for attackers to upload arbitrary fil...

CVE-2020-36706

The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0. This makes it possible for attackers to upload arbitrary fil...

CVE-2020-36706

CVE-2020-36706 affects the Simple:Press WordPress Forum Plugin. The issue is missing file type validation in the sf-uploader.php uploader (~/admin/resources/jscript/ajaxupload/sf-uploader.php), allowing arbitrary file uploads in versions up to 6.6.0 and potentially enabling remote code execution ...

Wordpress plugin WP-Forum 1.7.4 - Remote SQL Injection Vulnerability

No description provided by source. remote sql injection exploit -::DESCRIPTION== WordPress forum plugin by Fredrik Fahlstad. Version: 1.7.4. exploit: 1+union+select+null,concatuserlogin,0x2f,userpass,0x2f,useremail,null,null,null,null,null+from+wpusers where id=1/ wptbvusers google: Fredrik...

WordPress Plugin WP-Forum 1.7.4 - SQL Injection

WordPress Plugin WP-Forum 1.7.4 - SQL Injection remote sql injection exploit -::DESCRIPTION== WordPress forum plugin by Fredrik Fahlstad. Version: 1.7.4. exploit: 1+union+select+null,concatuserlogin,0x2f,userpass,0x2f,useremail,null,null,null,null,null+from+wpusers where id=1/ wptbvusers google:...