Vulnerabilities > Gvectors > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-21 | CVE-2022-38055 | Cross-site Scripting vulnerability in Gvectors Wpforo Forum Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing.This issue affects wpForo Forum: from n/a through 2.0.9. | 5.4 |
| 2024-06-08 | CVE-2024-35681 | Cross-site Scripting vulnerability in Gvectors Wpdiscuz Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in gVectors Team wpDiscuz allows Stored XSS.This issue affects wpDiscuz: from n/a through 7.6.18. | 5.4 |
| 2024-02-01 | CVE-2023-51691 | Cross-site Scripting vulnerability in Gvectors Wpdiscuz Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team Comments – wpDiscuz allows Stored XSS.This issue affects Comments – wpDiscuz: from n/a through 7.6.12. | 4.8 |
| 2023-12-20 | CVE-2023-46311 | Authorization Bypass Through User-Controlled Key vulnerability in Gvectors Wpdiscuz Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz.This issue affects Comments – wpDiscuz: from n/a through 7.6.3. | 6.5 |
| 2023-11-30 | CVE-2023-47872 | Cross-site Scripting vulnerability in Gvectors Wpforo Forum Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team wpForo Forum allows Stored XSS.This issue affects wpForo Forum: from n/a through 2.2.3. | 5.4 |
| 2023-11-06 | CVE-2023-47185 | Cross-site Scripting vulnerability in Gvectors Wpdiscuz Unauth. | 6.1 |
| 2023-10-20 | CVE-2023-3869 | Missing Authorization vulnerability in Gvectors Wpdiscuz The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. | 5.3 |
| 2023-10-20 | CVE-2023-3998 | Missing Authorization vulnerability in Gvectors Wpdiscuz The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. | 5.3 |
| 2023-07-24 | CVE-2023-2309 | Unspecified vulnerability in Gvectors Wpforo Forum The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting vulnerability. | 6.1 |
| 2023-06-19 | CVE-2023-33213 | Cross-site Scripting vulnerability in Gvectors Wpview Auth. | 4.8 |