Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum plugin <= 2.2.0 versions.
8.8CVSS
8.7AI Score
0.001EPSS
The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execution.
9.8CVSS
9.8AI Score
0.004EPSS