Vulnerabilities > CVE-2023-47870 - Missing Authorization vulnerability in Gvectors Wpforo Forum

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

gvectors

CWE-862

NVD

Published: 2023-11-30

Updated: 2023-12-06

Summary

Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through 2.2.6.

Vulnerable Configurations

Part	Description	Count
Application	Gvectors Gvectors Wpforo Forum 1.0.0 Gvectors Wpforo Forum 1.0.1 Gvectors Wpforo Forum 1.0.2 Gvectors Wpforo Forum 1.1.0 Gvectors Wpforo Forum 1.1.1 Gvectors Wpforo Forum 1.1.2 Gvectors Wpforo Forum 1.2.0 Gvectors Wpforo Forum 1.3.0 Gvectors Wpforo Forum 1.3.1 Gvectors Wpforo Forum 1.4.0 Gvectors Wpforo Forum 1.4.1 Gvectors Wpforo Forum 1.4.2 Gvectors Wpforo Forum 1.4.3 Gvectors Wpforo Forum 1.4.4 Gvectors Wpforo Forum 1.4.4.1 Gvectors Wpforo Forum 1.4.5 Gvectors Wpforo Forum 1.4.6 Gvectors Wpforo Forum 1.4.7 Gvectors Wpforo Forum 1.4.8 Gvectors Wpforo Forum 1.4.9 Gvectors Wpforo Forum 1.4.10 Gvectors Wpforo Forum 1.4.11 Gvectors Wpforo Forum 1.4.12 Gvectors Wpforo Forum 1.4.13 Gvectors Wpforo Forum 1.5.0 Gvectors Wpforo Forum 1.5.1 Gvectors Wpforo Forum 1.5.2 Gvectors Wpforo Forum 1.5.3 Gvectors Wpforo Forum 1.5.4 Gvectors Wpforo Forum 1.5.5 Gvectors Wpforo Forum 1.6.0 Gvectors Wpforo Forum 1.6.1 Gvectors Wpforo Forum 1.6.2 Gvectors Wpforo Forum 1.6.3 Gvectors Wpforo Forum 1.6.4 Gvectors Wpforo Forum 1.6.5 Gvectors Wpforo Forum 1.7.0 Gvectors Wpforo Forum 1.7.1 Gvectors Wpforo Forum 1.7.2 Gvectors Wpforo Forum 1.7.3 Gvectors Wpforo Forum 1.7.4 Gvectors Wpforo Forum 1.7.5 Gvectors Wpforo Forum 1.7.6 Gvectors Wpforo Forum 1.7.7 Gvectors Wpforo Forum 1.8.0 Gvectors Wpforo Forum 1.8.1 Gvectors Wpforo Forum 1.8.2 Gvectors Wpforo Forum 1.8.3 Gvectors Wpforo Forum 1.8.4 Gvectors Wpforo Forum 1.9.0 Gvectors Wpforo Forum 1.9.1 Gvectors Wpforo Forum 1.9.2 Gvectors Wpforo Forum 1.9.3 Gvectors Wpforo Forum 1.9.4 Gvectors Wpforo Forum 1.9.5 Gvectors Wpforo Forum 1.9.6 Gvectors Wpforo Forum 1.9.7 Gvectors Wpforo Forum 1.9.8 Gvectors Wpforo Forum 1.9.9 Gvectors Wpforo Forum 1.9.9.1 Gvectors Wpforo Forum 1.9.9.2 Gvectors Wpforo Forum 2.0.1 Gvectors Wpforo Forum 2.0.2 Gvectors Wpforo Forum 2.0.3 Gvectors Wpforo Forum 2.0.4 Gvectors Wpforo Forum 2.0.5 Gvectors Wpforo Forum 2.0.6 Gvectors Wpforo Forum 2.0.7 Gvectors Wpforo Forum 2.0.8 Gvectors Wpforo Forum 2.0.9 Gvectors Wpforo Forum 2.1.0 Gvectors Wpforo Forum 2.1.1 Gvectors Wpforo Forum 2.1.2 Gvectors Wpforo Forum 2.1.3 Gvectors Wpforo Forum 2.1.4 Gvectors Wpforo Forum 2.1.5 Gvectors Wpforo Forum 2.1.6 Gvectors Wpforo Forum 2.1.7 Gvectors Wpforo Forum 2.1.8 Gvectors Wpforo Forum 2.1.9 Gvectors Wpforo Forum 2.2.0 Gvectors Wpforo Forum 2.2.1 Gvectors Wpforo Forum 2.2.2 Gvectors Wpforo Forum 2.2.3 Gvectors Wpforo Forum 2.2.4 Gvectors Wpforo Forum 2.2.5 Gvectors Wpforo Forum 2.2.6	87

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-plugin-2-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve