Lucene search
K

472 matches found

Nuclei
Nuclei
added yesterday41 views

wpForo Forum <= 2.4.14 - SQL Injection

wpForo Forum WordPress plugin = 2.4.14 contains a time-based SQL injection caused by insufficient escaping of the 'wpfob' parameter, letting unauthenticated attackers extract sensitive database information. id: CVE-2026-1581 info: name: wpForo Forum = 2.4.14 - SQL Injection author: Shivam Kamboj...

7.5CVSS6.1AI score0.01727EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday45 views

WordPress wpForo Forum < 1.9.7 - Open Redirect

WordPress wpForo Forum 1.9.7 is susceptible to an open redirect vulnerability because the plugin did not validate the redirectto parameter in the login form of the forum, leading to an open redirect issue after a successful login. id: CVE-2021-24406 info: name: WordPress wpForo Forum 1.9.7 - Open...

6.1CVSS6.4AI score0.03379EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday77 views

wpForo Forum <= 2.1.8 - Cross-Site Scripting

The wpForo Forum plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpforodebug’ function in versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6.9AI score0.00838EPSS
Exploits1References4
NVD
NVD
added 2026/06/26 3:16 p.m.10 views

CVE-2026-57636

Contributor SQL Injection in wpForo Forum = 3.0.9 versions...

8.5CVSS0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.34 views

CVE-2026-57636 WordPress wpForo Forum plugin <= 3.0.9 - SQL Injection vulnerability

Contributor SQL Injection in wpForo Forum = 3.0.9 versions...

8.5CVSS0.00211EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.21 views

CVE-2026-57636

CVE-2026-57636 describes a Contributor SQL Injection in the WordPress wpForo Forum plugin (versions ≤ 3.0.9). Affected will be the wpForo Forum component; root cause is unsafe SQL query construction that enables SQL injection. Impact per the entry’s metrics is high: CVSS 3.1 base score 8.5, Confi...

8.5CVSS5.8AI score0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.6 views

EUVD-2026-39752

Contributor SQL Injection in wpForo Forum = 3.0.9 versions...

8.5CVSS5.8AI score0.00211EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 2:53 p.m.6 views

CVE-2026-57636

Contributor SQL Injection in wpForo Forum = 3.0.9 versions...

8.5CVSS5.8AI score0.00211EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/26 12:31 p.m.6 views

WordPress wpForo Forum plugin <= 3.0.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin wpForo Forum versions = 3.0.9...

8.5CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/17 6:35 p.m.12 views

EUVD-2026-37623

Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...

9.8CVSS5.2AI score0.00548EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.11 views

CVE-2026-49767

Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...

9.8CVSS0.00548EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:51 a.m.20 views

CVE-2026-49767

CVE-2026-49767 concerns the WordPress WordPress wpForo Forum plugin (≤ 3.1.0) with an Unauthenticated Broken Authentication vulnerability. Affected software is the wpForo Forum plugin; root cause is broken authentication in versions ≤ 3.1.0. Impact is high (CVSS v3.1 base score 9.8, CRITICAL) wit...

9.8CVSS5.2AI score0.00548EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:51 a.m.31 views

CVE-2026-49767 WordPress wpForo Forum plugin <= 3.1.0 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...

9.8CVSS0.00548EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 9:30 p.m.11 views

EUVD-2026-36977

Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...

7.5CVSS5.1AI score0.00287EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:17 p.m.13 views

CVE-2026-49769

Unauthenticated PHP Object Injection in wpForo Forum = 3.1.0 versions...

9.8CVSS0.00383EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.9 views

CVE-2026-40798

Unauthenticated SQL Injection in wpForo Forum = 3.0.4 versions...

9.3CVSS0.00283EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.7 views

CVE-2026-40767

Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...

7.5CVSS0.00287EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:19 p.m.28 views

CVE-2026-49769 WordPress wpForo Forum plugin <= 3.1.0 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in wpForo Forum = 3.1.0 versions...

9.8CVSS0.00383EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:19 p.m.26 views

CVE-2026-49769

CVE-2026-49769 describes an unauthenticated PHP Object Injection flaw in the WordPress plugin wpForo Forum, versions up to 3.1.0. The vulnerability is caused by insecure object deserialization in the plugin and is exploitable without authentication, potentially impacting confidentiality, integrit...

9.8CVSS5.3AI score0.00383EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:19 p.m.12 views

EUVD-2026-36892

Unauthenticated PHP Object Injection in wpForo Forum = 3.1.0 versions...

9.8CVSS5.3AI score0.00383EPSS
Exploits0References1
Rows per page
Query Builder