Wpforo Forum

wpforo_forum

Vendor: Gvectors • 29 CVEs

CVEs (29)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-40200 1Gvectors 1Wpforo Forum Feb 20, 2025 Nov 17, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.
CVE-2022-40192 1Gvectors 1Wpforo Forum Nov 21, 2024 Nov 17, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.
CVE-2022-40632 1Gvectors 1Wpforo Forum Nov 21, 2024 Nov 8, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion.
CVE-2022-40206 1Gvectors 1Wpforo Forum Feb 20, 2025 Nov 8, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public.
CVE-2022-40205 1Gvectors 1Wpforo Forum Feb 20, 2025 Nov 8, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved.
CVE-2022-38144 1Gvectors 1Wpforo Forum Apr 23, 2025 Sep 9, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 at WordPress.
CVE-2021-24406 1Gvectors 1Wpforo Forum Nov 21, 2024 Jul 6, 2021 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to...Show more The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control and being a replica of the legitimate one, asking them to re-enter their credentials (which will then in the attacker hands)Show less
CVE-2018-16613 1Gvectors 1Wpforo Forum Nov 21, 2024 Jun 19, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum is able to escalate privilege to the forum administrator without any form of user interaction.
CVE-2018-11709 1Gvectors 1Wpforo Forum Nov 21, 2024 Jun 4, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.

Previous 12