Vulnerabilities > Gvectors > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-18 CVE-2023-49759 Cross-Site Request Forgery (CSRF) vulnerability in Gvectors Woodiscuz - Woocommerce Comments
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team WooDiscuz – WooCommerce Comments.This issue affects WooDiscuz – WooCommerce Comments: from n/a through 2.3.0.
network
low complexity
gvectors CWE-352
8.8
8.8
2023-11-30 CVE-2023-47870 Missing Authorization vulnerability in Gvectors Wpforo Forum
Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through 2.2.6.
network
low complexity
gvectors CWE-862
8.8
8.8
2023-11-22 CVE-2023-47775 Cross-Site Request Forgery (CSRF) vulnerability in Gvectors Wpdiscuz
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comments — wpDiscuz plugin <= 7.6.11 versions.
network
low complexity
gvectors CWE-352
8.8
8.8
2023-06-09 CVE-2023-2249 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Gvectors Wpforo Forum
The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7.
network
low complexity
gvectors CWE-829
8.8
8.8
2022-11-18 CVE-2022-43492 Authorization Bypass Through User-Controlled Key vulnerability in Gvectors Wpdiscuz 7.4.2
Auth.
network
low complexity
gvectors CWE-639
8.8
8.8
2022-11-17 CVE-2022-40192 Cross-Site Request Forgery (CSRF) vulnerability in Gvectors Wpforo Forum
Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.
network
low complexity
gvectors CWE-352
8.8
8.8
2022-11-17 CVE-2022-40200 Unrestricted Upload of File with Dangerous Type vulnerability in Gvectors Wpforo Forum
Auth.
network
low complexity
gvectors CWE-434
8.8
8.8
2020-08-24 CVE-2020-24186 Unrestricted Upload of File with Dangerous Type vulnerability in Gvectors Wpdiscuz
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
network
low complexity
gvectors CWE-434
7.5
7.5
2019-06-19 CVE-2018-16613 Unspecified vulnerability in Gvectors Wpforo Forum
An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress.
network
low complexity
gvectors
7.5
7.5