319 matches found
wpForo Forum <= 2.4.14 - SQL Injection
wpForo Forum WordPress plugin = 2.4.14 contains a time-based SQL injection caused by insufficient escaping of the 'wpfob' parameter, letting unauthenticated attackers extract sensitive database information. id: CVE-2026-1581 info: name: wpForo Forum = 2.4.14 - SQL Injection author: Shivam Kamboj...
WordPress wpForo Forum < 1.9.7 - Open Redirect
WordPress wpForo Forum 1.9.7 is susceptible to an open redirect vulnerability because the plugin did not validate the redirectto parameter in the login form of the forum, leading to an open redirect issue after a successful login. id: CVE-2021-24406 info: name: WordPress wpForo Forum 1.9.7 - Open...
wpForo Forum <= 2.1.8 - Cross-Site Scripting
The wpForo Forum plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpforodebug’ function in versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2026-57636
Contributor SQL Injection in wpForo Forum = 3.0.9 versions...
CVE-2026-57636 WordPress wpForo Forum plugin <= 3.0.9 - SQL Injection vulnerability
Contributor SQL Injection in wpForo Forum = 3.0.9 versions...
CVE-2026-57636
CVE-2026-57636 describes a Contributor SQL Injection in the WordPress wpForo Forum plugin (versions ≤ 3.0.9). Affected will be the wpForo Forum component; root cause is unsafe SQL query construction that enables SQL injection. Impact per the entry’s metrics is high: CVSS 3.1 base score 8.5, Confi...
EUVD-2026-39752
Contributor SQL Injection in wpForo Forum = 3.0.9 versions...
CVE-2026-57636
Contributor SQL Injection in wpForo Forum = 3.0.9 versions...
WordPress wpForo Forum plugin <= 3.0.9 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin wpForo Forum versions = 3.0.9...
EUVD-2026-37623
Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...
CVE-2026-49767
Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...
CVE-2026-49767 WordPress wpForo Forum plugin <= 3.1.0 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...
EUVD-2026-36977
Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...
CVE-2026-49769
Unauthenticated PHP Object Injection in wpForo Forum = 3.1.0 versions...
CVE-2026-40798
Unauthenticated SQL Injection in wpForo Forum = 3.0.4 versions...
CVE-2026-40767
Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...
CVE-2026-49769 WordPress wpForo Forum plugin <= 3.1.0 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in wpForo Forum = 3.1.0 versions...
EUVD-2026-36807
Unauthenticated SQL Injection in wpForo Forum = 3.0.4 versions...
CVE-2026-40798 WordPress wpForo Forum plugin <= 3.0.4 - SQL Injection vulnerability
Unauthenticated SQL Injection in wpForo Forum = 3.0.4 versions...
CVE-2026-40798
WPForo Forum plugin for WordPress <= 3.0.4 is affected by an unauthenticated SQL injection vulnerability. The CVE entry cites unauthenticated SQL Injection in wpForo Forum <= 3.0.4, with CVSSv3.1 base score 9.3 (CRITICAL) and impact TIC: Confidentiality High, Availability Low, no privileges...