Vulnerabilities > Gvectors > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-09 | CVE-2023-47869 | Cross-site Scripting vulnerability in Gvectors Wpforo Forum Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Code Injection.This issue affects wpForo Forum: from n/a through 2.2.5. | 5.4 |
| 2024-06-21 | CVE-2022-38055 | Cross-site Scripting vulnerability in Gvectors Wpforo Forum Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing.This issue affects wpForo Forum: from n/a through 2.0.9. | 5.4 |
| 2024-06-08 | CVE-2024-35681 | Unspecified vulnerability in Gvectors Wpdiscuz Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in gVectors Team wpDiscuz allows Stored XSS.This issue affects wpDiscuz: from n/a through 7.6.18. | 5.4 |
| 2024-06-01 | CVE-2024-3200 | SQL Injection vulnerability in Gvectors Wpforo Forum The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up to, and including, 2.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
| 2024-02-01 | CVE-2023-51691 | Unspecified vulnerability in Gvectors Wpdiscuz Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team Comments – wpDiscuz allows Stored XSS.This issue affects Comments – wpDiscuz: from n/a through 7.6.12. | 4.8 |
| 2023-12-20 | CVE-2023-46311 | Unspecified vulnerability in Gvectors Wpdiscuz Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz.This issue affects Comments – wpDiscuz: from n/a through 7.6.3. | 6.5 |
| 2023-11-30 | CVE-2023-47872 | Unspecified vulnerability in Gvectors Wpforo Forum Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team wpForo Forum allows Stored XSS.This issue affects wpForo Forum: from n/a through 2.2.3. | 5.4 |
| 2023-11-06 | CVE-2023-47185 | Unspecified vulnerability in Gvectors Wpdiscuz Unauth. | 6.1 |
| 2023-10-20 | CVE-2023-3869 | Missing Authorization vulnerability in Gvectors Wpdiscuz The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. | 5.3 |
| 2023-10-20 | CVE-2023-3998 | Missing Authorization vulnerability in Gvectors Wpdiscuz The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. | 5.3 |