Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2024-12-09	CVE-2023-47869	Cross-site Scripting vulnerability in Gvectors Wpforo Forum Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Code Injection.This issue affects wpForo Forum: from n/a through 2.2.5. network low complexity gvectors CWE-79	5.4
2024-06-21	CVE-2022-38055	Cross-site Scripting vulnerability in Gvectors Wpforo Forum Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing.This issue affects wpForo Forum: from n/a through 2.0.9. network low complexity gvectors CWE-79	5.4
2024-06-01	CVE-2024-3200	SQL Injection vulnerability in Gvectors Wpforo Forum The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up to, and including, 2.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. network low complexity gvectors CWE-89	6.5
2023-11-30	CVE-2023-47872	Unspecified vulnerability in Gvectors Wpforo Forum Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team wpForo Forum allows Stored XSS.This issue affects wpForo Forum: from n/a through 2.2.3. network low complexity gvectors	5.4
2023-07-24	CVE-2023-2309	Unspecified vulnerability in Gvectors Wpforo Forum The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting vulnerability. network low complexity gvectors	6.1
2022-11-08	CVE-2022-40205	Authorization Bypass Through User-Controlled Key vulnerability in Gvectors Wpforo Forum Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved. network low complexity gvectors CWE-639	4.3
2022-11-08	CVE-2022-40206	Authorization Bypass Through User-Controlled Key vulnerability in Gvectors Wpforo Forum Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public. network low complexity gvectors CWE-639	4.3
2022-11-08	CVE-2022-40632	Cross-Site Request Forgery (CSRF) vulnerability in Gvectors Wpforo Forum Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion. network low complexity gvectors CWE-352	5.4
2021-07-06	CVE-2021-24406	Unspecified vulnerability in Gvectors Wpforo Forum The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. network low complexity gvectors	6.1
2018-06-04	CVE-2018-11709	Cross-site Scripting vulnerability in Gvectors Wpforo Forum wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI. network low complexity gvectors CWE-79	6.1