Gvectors: Security Vulnerabilities
The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-06-15
The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2020-06-15
The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases langid parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-06-15
The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw-td-value class of dashboard.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-06-15
An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum is able to escalate privilege to the forum administrator without any form of user interaction.
CVSS Score
9.8
EPSS Score
0.015
Published
2019-06-19
wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.
CVSS Score
6.1
EPSS Score
0.068
Published
2018-06-04
The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2018-05-28
Page 5