The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter.
9.8CVSS
9.9AI Score
0.003EPSS
The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF.
8.8CVSS
8.7AI Score
0.001EPSS
The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter.
4.8CVSS
4.9AI Score
0.001EPSS
The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases langid parameter.
6.1CVSS
6AI Score
0.001EPSS
The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw-td-value class of dashboard.php.
6.1CVSS
6AI Score
0.001EPSS