Vulnerabilities > Gvectors

DATE CVE VULNERABILITY TITLE RISK
2023-10-20 CVE-2023-3869 Missing Authorization vulnerability in Gvectors Wpdiscuz
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3.
network
low complexity
gvectors CWE-862
5.3
2023-10-20 CVE-2023-3998 Missing Authorization vulnerability in Gvectors Wpdiscuz
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3.
network
low complexity
gvectors CWE-862
5.3
2023-07-24 CVE-2023-2309 Unspecified vulnerability in Gvectors Wpforo Forum
The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting vulnerability.
network
low complexity
gvectors
6.1
2023-06-19 CVE-2023-33213 Unspecified vulnerability in Gvectors Wpview
Auth.
network
low complexity
gvectors
4.8
2023-06-09 CVE-2023-2249 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Gvectors Wpforo Forum
The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7.
network
low complexity
gvectors CWE-829
8.8
2023-05-28 CVE-2023-33216 Unspecified vulnerability in Gvectors Woodiscuz - Woocommerce Comments
Auth.
network
low complexity
gvectors
4.8
2022-11-18 CVE-2022-43492 Authorization Bypass Through User-Controlled Key vulnerability in Gvectors Wpdiscuz 7.4.2
Auth.
network
low complexity
gvectors CWE-639
8.8
2022-11-17 CVE-2022-40192 Cross-Site Request Forgery (CSRF) vulnerability in Gvectors Wpforo Forum
Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.
network
low complexity
gvectors CWE-352
8.8
2022-11-17 CVE-2022-40200 Unrestricted Upload of File with Dangerous Type vulnerability in Gvectors Wpforo Forum
Auth.
network
low complexity
gvectors CWE-434
8.8
2022-11-08 CVE-2022-40205 Authorization Bypass Through User-Controlled Key vulnerability in Gvectors Wpforo Forum
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved.
network
low complexity
gvectors CWE-639
4.3