Show filters
24 Total Results
Displaying 11-20 of 24
Sort by:
Attacker Value
Unknown

CVE-2022-40206

Disclosure Date: November 26, 2022 (last updated February 24, 2025)
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-40192

Disclosure Date: November 17, 2022 (last updated February 24, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-40200

Disclosure Date: November 09, 2022 (last updated February 24, 2025)
Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-40632

Disclosure Date: September 26, 2022 (last updated February 24, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-40205

Disclosure Date: September 26, 2022 (last updated February 24, 2025)
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-38144

Disclosure Date: September 08, 2022 (last updated February 24, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 at WordPress.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-24406

Disclosure Date: July 06, 2021 (last updated February 22, 2025)
The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control and being a replica of the legitimate one, asking them to re-enter their credentials (which will then in the attacker hands)
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-19112

Disclosure Date: June 15, 2020 (last updated February 21, 2025)
The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw-td-value class of dashboard.php.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-19109

Disclosure Date: June 15, 2020 (last updated February 21, 2025)
The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-19111

Disclosure Date: June 15, 2020 (last updated February 21, 2025)
The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases langid parameter.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
View More Topics  < Previous  Next >