Forumwp

forumwp

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-54367 1Ultimatemember 1Forumwp Apr 23, 2026 Dec 16, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Deserialization of Untrusted Data vulnerability in Ultimate Member ForumWP forumwp allows Object Injection.This issue affects ForumWP: from n/a through <= 2.1.0.
CVE-2024-11204 1Ultimatemember 1Forumwp Apr 8, 2026 Dec 6, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and o...Show more The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.Show less
CVE-2024-10879 1Ultimatemember 1Forumwp Apr 8, 2026 Dec 6, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to...Show more The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.Show less
CVE-2024-8428 1Ultimatemember 1Forumwp Apr 8, 2026 Sep 6, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submit_form_handler due to...Show more The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submit_form_handler due to missing validation on the 'user_id' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to change the email address of administrative user accounts which can then be leveraged to reset the administrative users password and gain access to their account.Show less