Vulnerabilities > Gvectors
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-15 | CVE-2019-19111 | Cross-site Scripting vulnerability in Gvectors Wpforo 1.6.5 The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases langid parameter. | 6.1 |
| 2020-06-15 | CVE-2019-19110 | Cross-site Scripting vulnerability in Gvectors Wpforo 1.6.5 The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter. | 4.8 |
| 2020-06-15 | CVE-2019-19109 | Cross-Site Request Forgery (CSRF) vulnerability in Gvectors Wpforo 1.6.5 The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF. | 8.8 |
| 2019-06-19 | CVE-2018-16613 | Unspecified vulnerability in Gvectors Wpforo Forum An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. | 9.8 |
| 2018-06-04 | CVE-2018-11709 | Cross-site Scripting vulnerability in Gvectors Wpforo Forum wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI. | 6.1 |
| 2018-05-28 | CVE-2018-11515 | SQL Injection vulnerability in Gvectors Wpforo The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter. | 9.8 |