Vulnerabilities > Gvectors > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-15 | CVE-2019-19109 | Cross-Site Request Forgery (CSRF) vulnerability in Gvectors Wpforo 1.6.5 The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF. | 6.8 |
| 2018-06-04 | CVE-2018-11709 | Cross-site Scripting vulnerability in Gvectors Wpforo Forum wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI. | 4.3 |
| 2018-05-28 | CVE-2018-11515 | SQL Injection vulnerability in Gvectors Wpforo The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter. | 5.0 |