Vulnerabilities > Gvectors > Wpforo Forum > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-06-21 CVE-2022-38055 Cross-site Scripting vulnerability in Gvectors Wpforo Forum
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing.This issue affects wpForo Forum: from n/a through 2.0.9.
network
low complexity
gvectors CWE-79
5.4
5.4
2023-11-30 CVE-2023-47872 Unspecified vulnerability in Gvectors Wpforo Forum
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team wpForo Forum allows Stored XSS.This issue affects wpForo Forum: from n/a through 2.2.3.
network
low complexity
gvectors
5.4
5.4
2023-07-24 CVE-2023-2309 Unspecified vulnerability in Gvectors Wpforo Forum
The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting vulnerability.
network
low complexity
gvectors
6.1
6.1
2022-11-08 CVE-2022-40205 Authorization Bypass Through User-Controlled Key vulnerability in Gvectors Wpforo Forum
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved.
network
low complexity
gvectors CWE-639
4.3
4.3
2022-11-08 CVE-2022-40206 Authorization Bypass Through User-Controlled Key vulnerability in Gvectors Wpforo Forum
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public.
network
low complexity
gvectors CWE-639
4.3
4.3
2022-11-08 CVE-2022-40632 Cross-Site Request Forgery (CSRF) vulnerability in Gvectors Wpforo Forum
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion.
network
low complexity
gvectors CWE-352
5.4
5.4
2021-07-06 CVE-2021-24406 Unspecified vulnerability in Gvectors Wpforo Forum
The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login.
network
low complexity
gvectors
6.1
6.1
2018-06-04 CVE-2018-11709 Cross-site Scripting vulnerability in Gvectors Wpforo Forum
wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.
network
low complexity
gvectors CWE-79
6.1
6.1