472 matches found
wpForo Forum <= 2.1.8 - Cross-Site Scripting
The wpForo Forum plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpforodebug’ function in versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
wpForo Forum <= 2.4.14 - SQL Injection
wpForo Forum WordPress plugin = 2.4.14 contains a time-based SQL injection caused by insufficient escaping of the 'wpfob' parameter, letting unauthenticated attackers extract sensitive database information. id: CVE-2026-1581 info: name: wpForo Forum = 2.4.14 - SQL Injection author: Shivam Kamboj...
WordPress wpForo Forum < 1.9.7 - Open Redirect
WordPress wpForo Forum 1.9.7 is susceptible to an open redirect vulnerability because the plugin did not validate the redirectto parameter in the login form of the forum, leading to an open redirect issue after a successful login. id: CVE-2021-24406 info: name: WordPress wpForo Forum 1.9.7 - Open...
CVE-2026-57636
Contributor SQL Injection in wpForo Forum = 3.0.9 versions...
CVE-2026-57636 WordPress wpForo Forum plugin <= 3.0.9 - SQL Injection vulnerability
Contributor SQL Injection in wpForo Forum = 3.0.9 versions...
CVE-2026-57636
CVE-2026-57636 describes a Contributor SQL Injection in the WordPress wpForo Forum plugin (versions ≤ 3.0.9). Affected will be the wpForo Forum component; root cause is unsafe SQL query construction that enables SQL injection. Impact per the entry’s metrics is high: CVSS 3.1 base score 8.5, Confi...
EUVD-2026-39752
Contributor SQL Injection in wpForo Forum = 3.0.9 versions...
CVE-2026-57636
Contributor SQL Injection in wpForo Forum = 3.0.9 versions...
WordPress wpForo Forum plugin <= 3.0.9 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin wpForo Forum versions = 3.0.9...
EUVD-2026-37623
Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...
CVE-2026-49767
Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...
CVE-2026-49767 WordPress wpForo Forum plugin <= 3.1.0 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...
CVE-2026-49767
CVE-2026-49767 concerns the WordPress WordPress wpForo Forum plugin (≤ 3.1.0) with an Unauthenticated Broken Authentication vulnerability. Affected software is the wpForo Forum plugin; root cause is broken authentication in versions ≤ 3.1.0. Impact is high (CVSS v3.1 base score 9.8, CRITICAL) wit...
EUVD-2026-36977
Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...
CVE-2026-49769
Unauthenticated PHP Object Injection in wpForo Forum = 3.1.0 versions...
CVE-2026-40798
Unauthenticated SQL Injection in wpForo Forum = 3.0.4 versions...
CVE-2026-40767
Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...
CVE-2026-49769 WordPress wpForo Forum plugin <= 3.1.0 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in wpForo Forum = 3.1.0 versions...
CVE-2026-49769
CVE-2026-49769 describes an unauthenticated PHP Object Injection flaw in the WordPress plugin wpForo Forum, versions up to 3.1.0. The vulnerability is caused by insecure object deserialization in the plugin and is exploitable without authentication, potentially impacting confidentiality, integrit...
EUVD-2026-36892
Unauthenticated PHP Object Injection in wpForo Forum = 3.1.0 versions...