CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

294 matches found

wpForo Forum <= 2.1.8 - Cross-Site Scripting

The wpForo Forum plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpforodebug’ function in versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS7.1AI score0.15248EPSS

Exploits1References4

Nuclei•added 17 hours ago•29 views

WordPress wpForo Forum < 1.9.7 - Open Redirect

WordPress wpForo Forum 1.9.7 is susceptible to an open redirect vulnerability because the plugin did not validate the redirectto parameter in the login form of the forum, leading to an open redirect issue after a successful login. id: CVE-2021-24406 info: name: WordPress wpForo Forum 1.9.7 - Open...

6.1CVSS6.4AI score0.08621EPSS

Exploits2References4

Nuclei•added 17 hours ago•7 views

wpForo Forum <= 2.4.14 - SQL Injection

wpForo Forum WordPress plugin = 2.4.14 contains a time-based SQL injection caused by insufficient escaping of the 'wpfob' parameter, letting unauthenticated attackers extract sensitive database information. id: CVE-2026-1581 info: name: wpForo Forum = 2.4.14 - SQL Injection author: Shivam Kamboj...

7.5CVSS5.8AI score0.09721EPSS

Exploits1References2

NVD•added 2 days ago•8 views

CVE-2026-42682

Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6...

9.1CVSS0.00039EPSS

Exploits0References1

EUVD•added 2 days ago•8 views

EUVD-2026-33655

Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6...

9.1CVSS5.8AI score0.00039EPSS

Exploits0References1

CVE•added 2 days ago•8 views

CVE-2026-42682

The CVE-2026-42682 entry concerns the WordPress wpForo Forum plugin (versions n/a through 3.0.6). A Missing Authorization vulnerability arises from broken access control with incorrectly configured access levels in the plugin, enabling unauthorized access to protected functionality. Severity is r...

9.1CVSS5.8AI score0.00039EPSS

Exploits0References1

Cvelist•added 2 days ago•23 views

CVE-2026-42682 WordPress wpForo Forum plugin <= 3.0.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6...

9.1CVSS0.00039EPSS

Exploits0References1

CNNVD•added 2 days ago•2 views

WordPress plugin wpForo Forum has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

9.1CVSS5.8AI score0.00039EPSS

Exploits0References1

Positive Technologies•added 2 days ago•7 views

PT-2026-45435

Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6...

9.1CVSS5.8AI score0.00039EPSS

Exploits0References2

Patchstack•added 2026/05/18 8:59 p.m.•2 views

WordPress wpForo Forum plugin <= 3.0.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Tiago Ventura @perses in WordPress Plugin wpForo Forum versions = 3.0.6...

9.1CVSS5.8AI score0.00039EPSS

Exploits0Affected Software1

Patchstack•added 2026/05/07 5:25 a.m.•1 views

WordPress wpForo Forum plugin <= 3.0.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin wpForo Forum versions = 3.0.4...

5.9AI score

Exploits0Affected Software1

Patchstack•added 2026/04/21 9:51 a.m.•1 views

WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dahmani Toumi pegaSUS in WordPress Plugin wpForo Forum versions 3.0.2...

5.8AI score

Exploits0Affected Software1

RedhatCVE•added 2026/04/20 7:23 p.m.•3 views

CVE-2026-4666

The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of extract$args, EXTROVERWRITE on user-controlled input in the edit method of classes/Posts.php in all versions up to, and including, 2.4.16. The postedit action handler in Actions.php passes...

6.5CVSS5.7AI score0.00015EPSS

Exploits0References1

Vulnrichment•added 2026/04/20 6:31 p.m.•0 views

CVE-2026-6248 wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Custom Profile Field File Path

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the Members::update method does not validate or restrict the value of file-type custom profile fields, allowing authenticated users to store ...

8.1CVSS6.6AI score0.00505EPSS

Exploits0References5

Cvelist•added 2026/04/20 6:31 p.m.•26 views

CVE-2026-6248 wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Custom Profile Field File Path

8.1CVSS0.00505EPSS

Exploits0References5

Patchstack•added 2026/04/20 5:51 a.m.•2 views

WordPress wpForo Forum plugin <= 3.0.5 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by ? in WordPress Plugin wpForo Forum versions = 3.0.5...

8.1CVSS5.8AI score0.00505EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/04/20 12:0 a.m.•3 views

WordPress plugin wpForo Forum 安全漏洞

8.1CVSS6.3AI score0.00505EPSS

Exploits0References2

CVE•added 2026/04/17 2:25 a.m.•9 views

CVE-2026-4666

CVE-2026-4666 affects the WordPress plugin wpForo Forum ≤ 2.4.16. The vulnerability arises from using extract($args, EXTR_OVERWRITE) on user-controlled input in Posts::edit(), with the post_edit action passing $_REQUEST['post'] to that method. An attacker can inject post[guestposting]=1 to overri...

6.5CVSS5.8AI score0.00015EPSS

Exploits0References8

CNNVD•added 2026/04/17 12:0 a.m.•4 views

WordPress plugin wpForo Forum 安全漏洞

6.5CVSS5.8AI score0.00015EPSS

Exploits0References2

Patchstack•added 2026/04/13 9:1 a.m.•4 views

WordPress wpForo Forum plugin <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion via 'data[body][fileurl]' Parameter vulnerability

Authenticated Subscriber+ Arbitrary File Deletion via 'databodyfileurl' Parameter vulnerability discovered by Leonid Semenenko lsemenenko in WordPress Plugin wpForo Forum versions = 3.0.2...

7.1CVSS5.8AI score0.00044EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by