Vulnerabilities > Gvectors > Wpforo Forum > 1.4.6

DATE CVE VULNERABILITY TITLE RISK
2023-11-30 CVE-2023-47870 Missing Authorization vulnerability in Gvectors Wpforo Forum
Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through 2.2.6.
network
low complexity
gvectors CWE-862
8.8
8.8
2023-11-30 CVE-2023-47872 Cross-site Scripting vulnerability in Gvectors Wpforo Forum
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team wpForo Forum allows Stored XSS.This issue affects wpForo Forum: from n/a through 2.2.3.
network
low complexity
gvectors CWE-79
5.4
5.4
2023-07-24 CVE-2023-2309 Unspecified vulnerability in Gvectors Wpforo Forum
The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting vulnerability.
network
low complexity
gvectors
6.1
6.1
2023-06-09 CVE-2023-2249 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Gvectors Wpforo Forum
The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7.
network
low complexity
gvectors CWE-829
8.8
8.8
2022-11-17 CVE-2022-40192 Cross-Site Request Forgery (CSRF) vulnerability in Gvectors Wpforo Forum
Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.
network
low complexity
gvectors CWE-352
8.8
8.8
2022-11-17 CVE-2022-40200 Unrestricted Upload of File with Dangerous Type vulnerability in Gvectors Wpforo Forum
Auth.
network
low complexity
gvectors CWE-434
8.8
8.8
2022-11-08 CVE-2022-40205 Authorization Bypass Through User-Controlled Key vulnerability in Gvectors Wpforo Forum
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved.
network
low complexity
gvectors CWE-639
4.3
4.3
2022-11-08 CVE-2022-40206 Authorization Bypass Through User-Controlled Key vulnerability in Gvectors Wpforo Forum
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public.
network
low complexity
gvectors CWE-639
4.3
4.3
2022-11-08 CVE-2022-40632 Cross-Site Request Forgery (CSRF) vulnerability in Gvectors Wpforo Forum
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion.
network
low complexity
gvectors CWE-352
5.4
5.4
2021-07-06 CVE-2021-24406 Open Redirect vulnerability in Gvectors Wpforo Forum
The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login.
network
gvectors CWE-601
5.8
5.8