Asgaros Forum Security Vulnerabilities and Issues — Asgaros Forum CVE List

Lucene search

AsgarosAsgaros Forum

10 matches found

CVE•added 2022/02/28 9:15 a.m.•184 views

CVE-2022-0411

The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated user), leading to a SQL injection

8.8CVSS8.8AI score0.01103EPSS

CVE•added 2023/11/27 5:15 p.m.•65 views

CVE-2023-5604

The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execution.

9.8CVSS9.9AI score0.05465EPSS

CVE•added 2021/11/08 6:15 p.m.•59 views

CVE-2021-24827

The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue

9.8CVSS9.9AI score0.72333EPSS

CVE•added 2025/04/10 8:15 a.m.•45 views

CVE-2025-32227

Authentication Bypass by Spoofing vulnerability in Asgaros Asgaros Forum allows Identity Spoofing. This issue affects Asgaros Forum: from n/a through 3.0.0.

4.3CVSS7AI score0.0007EPSS

CVE•added 2022/01/24 8:15 a.m.•39 views

CVE-2021-25045

The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue

7.2CVSS7.2AI score0.01151EPSS

CVE•added 2023/05/22 10:15 a.m.•39 views

CVE-2022-41608

Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum plugin

8.8CVSS7.1AI score0.00047EPSS

CVE•added 2024/04/15 8:15 a.m.•37 views

CVE-2024-32440

Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum.This issue affects Asgaros Forum: from n/a through 2.8.0.

8.8CVSS6.8AI score0.00136EPSS

CVE•added 2025/04/16 1:15 p.m.•36 views

CVE-2025-39514

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asgaros Asgaros Forum allows Stored XSS. This issue affects Asgaros Forum: from n/a through 3.0.0.

6.5CVSS6.4AI score0.00045EPSS

CVE•added 2024/01/24 12:15 p.m.•34 views

CVE-2024-22284

Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum.This issue affects Asgaros Forum: from n/a through 2.7.2.

9.8CVSS9.4AI score0.0062EPSS

CVE•added 2021/11/29 7:15 p.m.•32 views

CVE-2021-42365

The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the ~/admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to ...

4.8CVSS4.8AI score0.00423EPSS