cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-3200,https://securityvulnerability.io/vulnerability/CVE-2024-3200,SQL Injection Vulnerability in wpForo Forum Plugin,"The wpForo Forum plugin for WordPress is exposed to an SQL Injection vulnerability that allows authenticated users with contributor-level access and above to manipulate SQL queries via the 'slug' parameter in the 'wpforo' shortcode. This vulnerability arises from insufficient escaping of user-supplied data and inadequate preparation in the SQL query. Consequently, an attacker can append additional SQL statements to existing queries, facilitating access to sensitive information stored in the database. It is imperative for users of the wpForo Forum plugin to upgrade to the latest version to mitigate this risk.",Wordpress,WPforo Forum,9.9,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-01T08:38:57.689Z,0
CVE-2023-2309,https://securityvulnerability.io/vulnerability/CVE-2023-2309,wpForo Forum < 2.1.9 - Reflected Cross-Site Scripting,"The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting vulnerability.",Wordpress,WPforo Forum,6.1,MEDIUM,0.0009800000116229057,false,,false,false,false,,false,false,2023-07-24T11:15:00.000Z,0
CVE-2023-2249,https://securityvulnerability.io/vulnerability/CVE-2023-2249,Local File Include and PHAR Deserialization in wpForo Forum Plugin for WordPress,"The wpForo Forum plugin for WordPress is susceptible to Local File Include, Server-Side Request Forgery, and PHAR Deserialization. This vulnerability arises from the improper use of file_get_contents, which lacks adequate data verification. As a result, authenticated attackers, even with minimal permissions like those of a subscriber, can exploit this flaw to access sensitive files such as wp-config.php. They may also conduct deserialization attacks that could allow remote code execution and make unauthorized requests to internal services.",Wordpress,WPforo Forum,8.8,HIGH,0.008070000447332859,false,,false,false,true,true,false,false,2023-06-09T06:16:00.000Z,0
CVE-2022-40200,https://securityvulnerability.io/vulnerability/CVE-2022-40200,WordPress wpForo Forum plugin <= 2.0.9 - Auth. Arbitrary File Upload vulnerability,Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.,Wordpress,WPforo Forum (WordPress Plugin),9.9,CRITICAL,0.0009500000160187483,false,,false,false,false,,false,false,2022-11-17T23:15:00.000Z,0
CVE-2022-40192,https://securityvulnerability.io/vulnerability/CVE-2022-40192,WordPress wpForo Forum plugin <= 2.0.9 - Cross-Site Request Forgery (CSRF) vulnerability,Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.,Wordpress,WPforo Forum (WordPress Plugin),7.1,HIGH,0.0010300000431016088,false,,false,false,false,,false,false,2022-11-17T00:00:00.000Z,0
CVE-2022-40206,https://securityvulnerability.io/vulnerability/CVE-2022-40206,WordPress wpForo Forum plugin <= 2.0.5 - Insecure direct object references (IDOR) vulnerability,Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public.,Wordpress,WPforo Forum (WordPress Plugin),6.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-11-08T19:15:00.000Z,0
CVE-2022-40205,https://securityvulnerability.io/vulnerability/CVE-2022-40205,WordPress wpForo Forum plugin <= 2.0.5 - Insecure direct object references (IDOR) vulnerability,Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved.,Wordpress,WPforo Forum (WordPress Plugin),5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-11-08T19:15:00.000Z,0
CVE-2022-40632,https://securityvulnerability.io/vulnerability/CVE-2022-40632,WordPress wpForo Forum plugin <= 2.0.5 - Cross-Site Request Forgery (CSRF) vulnerability,Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion.,Wordpress,WPforo Forum (WordPress Plugin),5.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,2022-09-26T00:00:00.000Z,0
CVE-2022-38144,https://securityvulnerability.io/vulnerability/CVE-2022-38144,WordPress wpForo Forum plugin <= 2.0.5 - Cross-Site Request Forgery (CSRF) vulnerability,Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 at WordPress.,Wordpress,WPforo Forum (WordPress Plugin),8.8,HIGH,0.0010100000072270632,false,,false,false,false,,false,false,2022-09-09T15:15:00.000Z,0
CVE-2021-24406,https://securityvulnerability.io/vulnerability/CVE-2021-24406,wpForo Forum < 1.9.7 - Open Redirect,"The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control and being a replica of the legitimate one, asking them to re-enter their credentials (which will then in the attacker hands)",Wordpress,WPforo Forum,6.1,MEDIUM,0.0013500000350177288,false,,false,false,false,,false,false,2021-07-06T11:03:32.000Z,0
CVE-2019-19111,https://securityvulnerability.io/vulnerability/CVE-2019-19111,,The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases langid parameter.,Wordpress,WPforo,6.1,MEDIUM,0.0013000000035390258,false,,false,false,false,,false,false,2020-06-15T13:10:49.000Z,0
CVE-2019-19110,https://securityvulnerability.io/vulnerability/CVE-2019-19110,,The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter.,Wordpress,WPforo,4.8,MEDIUM,0.0007399999885819852,false,,false,false,false,,false,false,2020-06-15T13:10:47.000Z,0
CVE-2019-19109,https://securityvulnerability.io/vulnerability/CVE-2019-19109,,The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF.,Wordpress,WPforo,8.8,HIGH,0.0040699997916817665,false,,false,false,false,,false,false,2020-06-15T13:10:44.000Z,0
CVE-2019-19112,https://securityvulnerability.io/vulnerability/CVE-2019-19112,,The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw-td-value class of dashboard.php.,Wordpress,WPforo,6.1,MEDIUM,0.0013000000035390258,false,,false,false,false,,false,false,2020-06-15T13:10:41.000Z,0
CVE-2018-16613,https://securityvulnerability.io/vulnerability/CVE-2018-16613,,An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum is able to escalate privilege to the forum administrator without any form of user interaction.,Wordpress,WPforo Forum,9.8,CRITICAL,0.0034000000450760126,false,,false,false,false,,false,false,2019-06-19T17:59:49.000Z,0
CVE-2018-11709,https://securityvulnerability.io/vulnerability/CVE-2018-11709,,wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.,Wordpress,WPforo Forum,6.1,MEDIUM,0.002749999985098839,false,,false,false,false,,false,false,2018-06-04T13:29:00.000Z,0
CVE-2018-11515,https://securityvulnerability.io/vulnerability/CVE-2018-11515,,The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter.,Wordpress,WPforo,9.8,CRITICAL,0.003759999992325902,false,,false,false,false,,false,false,2018-05-28T14:00:00.000Z,0