Search Results | AttackerKB

19 Total Results

Displaying 11-19 of 19

Attacker Value

Unknown

CVE-2022-40206

Disclosure Date: November 26, 2022 (last updated December 22, 2024)

Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public.

Attacker Value

Unknown

CVE-2022-40192

Disclosure Date: November 17, 2022 (last updated December 22, 2024)

Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.

Attack Vector: Network Privileges: None User Interaction: Required

Attacker Value

Unknown

CVE-2022-40200

Disclosure Date: November 09, 2022 (last updated December 22, 2024)

Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.

Attack Vector: Network Privileges: Low User Interaction: None

Attacker Value

Unknown

CVE-2022-40632

Disclosure Date: September 26, 2022 (last updated December 22, 2024)

Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion.

Attack Vector: Network Privileges: None User Interaction: Required

Attacker Value

Unknown

CVE-2022-40205

Disclosure Date: September 26, 2022 (last updated December 22, 2024)

Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved.

Attack Vector: Network Privileges: Low User Interaction: None

Attacker Value

Unknown

CVE-2022-38144

Disclosure Date: September 08, 2022 (last updated October 08, 2023)

Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 at WordPress.

Attack Vector: Network Privileges: None User Interaction: Required

Attacker Value

Unknown

CVE-2021-24406

Disclosure Date: July 06, 2021 (last updated February 22, 2025)

The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control and being a replica of the legitimate one, asking them to re-enter their credentials (which will then in the attacker hands)

Attack Vector: Network Privileges: None User Interaction: Required

Attacker Value

Unknown

CVE-2018-16613

Disclosure Date: June 19, 2019 (last updated November 27, 2024)

An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum is able to escalate privilege to the forum administrator without any form of user interaction.

Attacker Value

Unknown

CVE-2018-11709

Disclosure Date: June 04, 2018 (last updated November 26, 2024)

wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.

19 Total Results

Displaying 11-19 of 19

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Quick Cookie Notification