Gvectors: >> Wpforo Forum Security Vulnerabilities
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public.
CVSS Score
6.3
EPSS Score
0.002
Published
2022-11-08
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-11-08
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 at WordPress.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-09-09
The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control and being a replica of the legitimate one, asking them to re-enter their credentials (which will then in the attacker hands)
CVSS Score
6.1
EPSS Score
0.085
Published
2021-07-06
An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum is able to escalate privilege to the forum administrator without any form of user interaction.
CVSS Score
9.8
EPSS Score
0.015
Published
2019-06-19
wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.
CVSS Score
6.1
EPSS Score
0.116
Published
2018-06-04
Page 3