cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-5604,https://securityvulnerability.io/vulnerability/CVE-2023-5604,Asgaros Forum < 2.7.1 - Unauthenticated Arbitrary File Upload,"The Asgaros Forum plugin for WordPress, prior to version 2.7.1, contains a vulnerability that permits forum administrators—who may not hold super-administrator privileges— to configure insecure settings. This misconfiguration allows unauthenticated users to upload potentially malicious files, such as .php and .phtml files. Should an attacker exploit this flaw, it could lead to remote code execution, enabling them to compromise the integrity of the WordPress site and execute arbitrary code on the server.",Wordpress,Asgaros Forum,9.8,CRITICAL,0.007790000177919865,false,,false,false,false,,false,false,2023-11-27T17:15:00.000Z,0
CVE-2022-0411,https://securityvulnerability.io/vulnerability/CVE-2022-0411,Asgaros Forum < 2.0.0 - Subscriber+ Blind SQL Injection,"The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated user), leading to a SQL injection",Wordpress,Asgaros Forum,8.8,HIGH,0.0009800000116229057,false,,false,false,false,,false,false,2022-02-28T09:06:54.000Z,0
CVE-2021-25045,https://securityvulnerability.io/vulnerability/CVE-2021-25045,Asgaros Forum < 1.15.15 - Admin+ SQL Injection via forum_id,"The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue",Wordpress,Asgaros Forum,7.2,HIGH,0.00139999995008111,false,,false,false,false,,false,false,2022-01-24T08:01:16.000Z,0
CVE-2021-42365,https://securityvulnerability.io/vulnerability/CVE-2021-42365,Asgaros Forums <= 1.15.13 Authenticated Stored XSS,"The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the ~/admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.13. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.",Wordpress,Asgaros Forums,4.8,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2021-11-29T00:00:00.000Z,0
CVE-2021-24827,https://securityvulnerability.io/vulnerability/CVE-2021-24827,Asgaros Forum < 1.15.13 - Unauthenticated SQL Injection,"The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue",Wordpress,Asgaros Forum,9.8,CRITICAL,0.5035399794578552,false,,false,false,false,,false,false,2021-11-08T17:35:27.000Z,0