Vulnerabilities > Gvectors > Wpforo

DATE CVE VULNERABILITY TITLE RISK
2020-06-15 CVE-2019-19112 Cross-site Scripting vulnerability in Gvectors Wpforo 1.6.5
The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw-td-value class of dashboard.php.
network
gvectors CWE-79
4.3
2020-06-15 CVE-2019-19111 Cross-site Scripting vulnerability in Gvectors Wpforo 1.6.5
The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases langid parameter.
network
gvectors CWE-79
4.3
2020-06-15 CVE-2019-19110 Cross-site Scripting vulnerability in Gvectors Wpforo 1.6.5
The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter.
network
gvectors CWE-79
3.5
2020-06-15 CVE-2019-19109 Cross-Site Request Forgery (CSRF) vulnerability in Gvectors Wpforo 1.6.5
The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF.
6.8
2018-05-28 CVE-2018-11515 SQL Injection vulnerability in Gvectors Wpforo
The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter.
network
low complexity
gvectors CWE-89
5.0