CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

46 matches found

Patchstack•added 2026/04/21 9:51 a.m.•1 views

WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dahmani Toumi pegaSUS in WordPress Plugin wpForo Forum versions 3.0.2...

5.8AI score

Exploits0Affected Software1

RedhatCVE•added 2026/04/20 7:23 p.m.•3 views

CVE-2026-4666

The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of extract$args, EXTROVERWRITE on user-controlled input in the edit method of classes/Posts.php in all versions up to, and including, 2.4.16. The postedit action handler in Actions.php passes...

6.5CVSS5.7AI score0.00015EPSS

Exploits0References1

EUVD•added 2026/04/11 9:30 a.m.•1 views

EUVD-2026-21676

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topicadd and topicedit action handlers accept arbitrary user-supplied data arrays from $REQUEST and store them as postmeta without...

7.1CVSS5.9AI score0.00044EPSS

Exploits0References10

NVD•added 2026/04/11 8:16 a.m.•0 views

CVE-2026-5809

7.1CVSS0.00044EPSS

Exploits0References9

CNNVD•added 2026/02/28 12:0 a.m.•3 views

WordPress plugin wpForo Forum 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS5.8AI score0.00037EPSS

Exploits0References3

Patchstack•added 2025/11/03 10:29 p.m.•6 views

WordPress wpForo Forum plugin <= 2.4.9 - Authenticated (Susbscriber+) SQL Injection vulnerability

Authenticated Susbscriber+ SQL Injection vulnerability discovered by YCInfosec in WordPress Plugin wpForo Forum versions = 2.4.9...

6.5CVSS7.8AI score0.00032EPSS

Exploits0References1Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-8420

Malware in sbrugna...

9.8CVSS9.5AI score0.01445EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-43506

Malicious code in bioql PyPI...

6.3CVSS5.1AI score0.00222EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-20883

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.00079EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-5499

Malicious code in bioql PyPI...

6.5CVSS8.7AI score0.00121EPSS

Exploits0References3

RedhatCVE•added 2025/07/12 2:31 a.m.•4 views

CVE-2025-4406

The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and abov...

5.4CVSS6AI score0.00079EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 1:48 a.m.•7 views

CVE-2023-2249

The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of filegetcontents without appropriate verification of the data being supplied to the function...

8.8CVSS7.2AI score0.4816EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 7:22 p.m.•5 views

CVE-2021-24406

The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirectto parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control...

6.1CVSS6.6AI score0.08621EPSS

Exploits2References1

RedhatCVE•added 2025/05/22 3:20 a.m.•5 views

CVE-2018-16613

An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum is able to escalate privilege to the forum administrator without any form of user interaction...

9.8CVSS7.2AI score0.01445EPSS

Exploits0References1

Vulnrichment•added 2024/08/26 4:6 p.m.•18 views

CVE-2024-43289 WordPress wpForo Forum plugin <= 2.3.4 - Unauthenticated Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in gVectors Team wpForo Forum.This issue affects wpForo Forum: from n/a through 2.3.4...

7.5CVSS6.9AI score0.00975EPSS

Exploits0References1

CNNVD•added 2024/08/18 12:0 a.m.•2 views

WordPress plugin wpForo Forum 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.1CVSS6.6AI score0.00092EPSS

Exploits0References2

Vulnrichment•added 2023/06/09 5:33 a.m.•39 views

CVE-2023-2249 wpForo Forum <= 2.1.7 - Authenticated (Subscriber+) Local File Include, Server-Side Request Forgery, and PHAR Deserialization via file_get_contents

8.8CVSS7.5AI score0.4816EPSS

Exploits1References3

Positive Technologies•added 2023/06/09 12:0 a.m.•6 views

PT-2023-18541 · WordPress · Wpforo Forum

Name of the Vulnerable Software and Affected Versions: wpForo Forum plugin for WordPress versions up to, and including, 2.1.7 Description: The issue is due to the insecure use of file get contents without appropriate verification of the data being supplied to the function. This makes it possible...

8.8CVSS8.9AI score0.4816EPSS

Exploits1References8