Vulnerabilities > Gvectors > Wpforo > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-15 | CVE-2019-19112 | Cross-site Scripting vulnerability in Gvectors Wpforo 1.6.5 The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw-td-value class of dashboard.php. | 4.3 |
| 2020-06-15 | CVE-2019-19111 | Cross-site Scripting vulnerability in Gvectors Wpforo 1.6.5 The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases langid parameter. | 4.3 |
| 2020-06-15 | CVE-2019-19109 | Cross-Site Request Forgery (CSRF) vulnerability in Gvectors Wpforo 1.6.5 The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF. | 6.8 |
| 2018-05-28 | CVE-2018-11515 | SQL Injection vulnerability in Gvectors Wpforo The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter. | 5.0 |