Vulnerabilities > Gvectors > Wpforo Forum
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-21 | CVE-2022-38055 | Cross-site Scripting vulnerability in Gvectors Wpforo Forum Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing.This issue affects wpForo Forum: from n/a through 2.0.9. | 5.4 |
| 2023-11-30 | CVE-2023-47870 | Missing Authorization vulnerability in Gvectors Wpforo Forum Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through 2.2.6. | 8.8 |
| 2023-11-30 | CVE-2023-47872 | Cross-site Scripting vulnerability in Gvectors Wpforo Forum Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team wpForo Forum allows Stored XSS.This issue affects wpForo Forum: from n/a through 2.2.3. | 5.4 |
| 2023-07-24 | CVE-2023-2309 | Unspecified vulnerability in Gvectors Wpforo Forum The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting vulnerability. | 6.1 |
| 2023-06-09 | CVE-2023-2249 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Gvectors Wpforo Forum The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. | 8.8 |
| 2022-11-17 | CVE-2022-40192 | Cross-Site Request Forgery (CSRF) vulnerability in Gvectors Wpforo Forum Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. | 8.8 |
| 2022-11-17 | CVE-2022-40200 | Unrestricted Upload of File with Dangerous Type vulnerability in Gvectors Wpforo Forum Auth. | 8.8 |
| 2022-11-08 | CVE-2022-40205 | Authorization Bypass Through User-Controlled Key vulnerability in Gvectors Wpforo Forum Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved. | 4.3 |
| 2022-11-08 | CVE-2022-40206 | Authorization Bypass Through User-Controlled Key vulnerability in Gvectors Wpforo Forum Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public. | 4.3 |
| 2022-11-08 | CVE-2022-40632 | Cross-Site Request Forgery (CSRF) vulnerability in Gvectors Wpforo Forum Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion. | 5.4 |