| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-6248 | wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Custom Profile Field File Path | tomdever | wpForo Forum | High | 8.1 | 2026-04-20 18:31:33 | Deep Dive |
| CVE-2026-4666 | wpForo Forum <= 2.4.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter | tomdever | wpForo Forum | Medium | 6.5 | 2026-04-17 02:25:05 | Deep Dive |
| CVE-2026-5809 | wpForo Forum <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion via 'data[body][fileurl]' Parameter | tomdever | wpForo Forum | High | 7.1 | 2026-04-11 07:40:16 | Deep Dive |
| CVE-2026-3666 | wpForo Forum <= 2.4.16 - Authenticated (Subscriber+) Arbitrary File Deletion via Post Body | tomdever | wpForo Forum | High | 8.8 | 2026-04-04 11:16:17 | Deep Dive |
| CVE-2026-28562 | wpForo Forum 2.4.14 SQL Injection via Topics ORDER BY Parameter | gVectors Team | wpForo Forum | High | 8.2 | 2026-02-28 21:47:42 | Deep Dive |
| CVE-2026-28561 | wpForo Forum 2.4.14 Stored XSS via Unescaped Forum Description in Templates | gVectors Team | wpForo Forum | Medium | 5.5 | 2026-02-28 21:47:41 | Deep Dive |
| CVE-2026-28560 | wpForo Forum 2.4.14 Stored XSS via Unsafe JSON Encoding in Inline Script | gVectors Team | wpForo Forum | Medium | 5.5 | 2026-02-28 21:47:40 | Deep Dive |
| CVE-2026-28559 | wpForo Forum 2.4.14 Information Disclosure via Global RSS Feed | gVectors Team | wpForo Forum | Medium | 5.3 | 2026-02-28 21:47:39 | Deep Dive |
| CVE-2026-28558 | wpForo Forum 2.4.14 Stored XSS via SVG Avatar File Upload | gVectors Team | wpForo Forum | Medium | 6.4 | 2026-02-28 21:47:38 | Deep Dive |
| CVE-2026-28557 | wpForo Forum 2.4.14 Privilege Escalation via Role Synchronization Handler | gVectors Team | wpForo Forum | Medium | 6.5 | 2026-02-28 21:47:37 | Deep Dive |
| CVE-2026-28556 | wpForo Forum 2.4.14 Missing Authorization via Topic Management Form Handlers | gVectors Team | wpForo Forum | Medium | 5.4 | 2026-02-28 21:47:36 | Deep Dive |
| CVE-2026-28555 | wpForo Forum 2.4.14 Missing Authorization via Topic Close AJAX Handler | gVectors Team | wpForo Forum | Medium | 4.3 | 2026-02-28 21:47:36 | Deep Dive |
| CVE-2026-28554 | wpForo Forum 2.4.14 Missing Authorization via Post Approval AJAX Handler | gVectors Team | wpForo Forum | Medium | 4.3 | 2026-02-28 21:47:34 | Deep Dive |
| CVE-2026-1581 | wpForo Forum <= 2.4.14 - Unauthenticated Time-Based SQL Injection | tomdever | wpForo Forum | High | 7.5 | 2026-02-19 16:24:56 | Deep Dive |
| CVE-2026-0910 | wpForo Forum <= 2.4.13 - Authenticated (Subscriber+) PHP Object Injection | tomdever | wpForo Forum | High | 8.8 | 2026-02-11 13:25:45 | Deep Dive |
| CVE-2025-66070 | WordPress wpForo Forum plugin <= 2.4.10 - Broken Access Control vulnerability | Tomdever | wpForo Forum | High | 7.5 | 2025-12-18 07:22:17 | Deep Dive |
| CVE-2025-13126 | wpForo Forum <= 2.4.12 - Unauthenticated SQL Injection | tomdever | wpForo Forum | High | 7.5 | 2025-12-14 04:20:40 | Deep Dive |
| CVE-2025-11740 | wpForo Forum <= 2.4.9 - Authenticated (Susbscriber+) SQL Injection | tomdever | wpForo Forum | Medium | 6.5 | 2025-11-01 05:40:24 | Deep Dive |
| CVE-2025-4203 | wpForo Forum <= 2.4.8 - Unauthenticated SQL Injection via get_members Function | tomdever | wpForo Forum | High | 7.5 | 2025-10-25 06:49:25 | Deep Dive |
| CVE-2025-58597 | WordPress wpForo Forum Plugin <= 2.4.6 - Insecure Direct Object References (IDOR) Vulnerability | Tomdever | wpForo Forum | Medium | 4.3 | 2025-09-03 14:36:38 | Deep Dive |