Vulnerabilities > Gvectors > Wpforo Forum

DATE CVE VULNERABILITY TITLE RISK
2024-12-09 CVE-2023-47869 Cross-site Scripting vulnerability in Gvectors Wpforo Forum
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Code Injection.This issue affects wpForo Forum: from n/a through 2.2.5.
network
low complexity
gvectors CWE-79
5.4
5.4
2024-08-26 CVE-2024-43289 Unspecified vulnerability in Gvectors Wpforo Forum
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in gVectors Team wpForo Forum.This issue affects wpForo Forum: from n/a through 2.3.4.
network
low complexity
gvectors
7.5
7.5
2024-08-18 CVE-2024-43288 Authorization Bypass Through User-Controlled Key vulnerability in Gvectors Wpforo Forum
Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team wpForo Forum.This issue affects wpForo Forum: from n/a through 2.3.4.
network
low complexity
gvectors CWE-639
8.1
8.1
2024-06-21 CVE-2022-38055 Cross-site Scripting vulnerability in Gvectors Wpforo Forum
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing.This issue affects wpForo Forum: from n/a through 2.0.9.
network
low complexity
gvectors CWE-79
5.4
5.4
2024-06-01 CVE-2024-3200 SQL Injection vulnerability in Gvectors Wpforo Forum
The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up to, and including, 2.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
gvectors CWE-89
6.5
6.5
2024-05-17 CVE-2023-47868 Unspecified vulnerability in Gvectors Wpforo Forum
Improper Privilege Management vulnerability in wpForo wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a through 2.2.3.
network
low complexity
gvectors
critical
 9.8
9.8
2023-11-30 CVE-2023-47870 Unspecified vulnerability in Gvectors Wpforo Forum
Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through 2.2.6.
network
low complexity
gvectors
8.8
8.8
2023-11-30 CVE-2023-47872 Unspecified vulnerability in Gvectors Wpforo Forum
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team wpForo Forum allows Stored XSS.This issue affects wpForo Forum: from n/a through 2.2.3.
network
low complexity
gvectors
5.4
5.4
2023-07-24 CVE-2023-2309 Unspecified vulnerability in Gvectors Wpforo Forum
The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting vulnerability.
network
low complexity
gvectors
6.1
6.1
2023-06-09 CVE-2023-2249 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Gvectors Wpforo Forum
The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7.
network
low complexity
gvectors CWE-829
8.8
8.8