| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-28557 | wpForo Forum 2.4.14 Privilege Escalation via Role Synchronization Handler | gVectors Team | wpForo Forum | Medium | 6.5 | 2026-02-28 21:47:37 | Deep Dive |
| CVE-2026-28556 | wpForo Forum 2.4.14 Missing Authorization via Topic Management Form Handlers | gVectors Team | wpForo Forum | Medium | 5.4 | 2026-02-28 21:47:36 | Deep Dive |
| CVE-2026-28555 | wpForo Forum 2.4.14 Missing Authorization via Topic Close AJAX Handler | gVectors Team | wpForo Forum | Medium | 4.3 | 2026-02-28 21:47:36 | Deep Dive |
| CVE-2026-28554 | wpForo Forum 2.4.14 Missing Authorization via Post Approval AJAX Handler | gVectors Team | wpForo Forum | Medium | 4.3 | 2026-02-28 21:47:34 | Deep Dive |
| CVE-2026-1581 | wpForo Forum <= 2.4.14 - Unauthenticated Time-Based SQL Injection | tomdever | wpForo Forum | High | 7.5 | 2026-02-19 16:24:56 | Deep Dive |
| CVE-2026-0910 | wpForo Forum <= 2.4.13 - Authenticated (Subscriber+) PHP Object Injection | tomdever | wpForo Forum | High | 8.8 | 2026-02-11 13:25:45 | Deep Dive |
| CVE-2026-25923 | Phar Deserialization leading to Arbitrary File Deletion in my little forum | My-Little-Forum | mylittleforum | - | - | 2026-02-09 21:56:03 | Deep Dive |
| CVE-2022-50910 | Beehive Forum - Account Takeover | Beehive Forum | Beehive Forum | Critical | 9.8 | 2026-01-13 22:51:51 | Deep Dive |
| CVE-2025-13746 | ForumWP – Forum & Discussion Board <= 2.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Display Name | ultimatemember | ForumWP – Forum & Discussion Board | Medium | 6.4 | 2026-01-06 03:21:41 | Deep Dive |
| CVE-2025-66070 | WordPress wpForo Forum plugin <= 2.4.10 - Broken Access Control vulnerability | Tomdever | wpForo Forum | High | 7.5 | 2025-12-18 07:22:17 | Deep Dive |
| CVE-2025-13126 | wpForo Forum <= 2.4.12 - Unauthenticated SQL Injection | tomdever | wpForo Forum | High | 7.5 | 2025-12-14 04:20:40 | Deep Dive |
| CVE-2024-58295 | ElkArte Forum 1.1.9 Authenticated Remote Code Execution via Theme Upload | elkarte | ElkArte Forum | - | - | 2025-12-11 21:36:36 | Deep Dive |
| CVE-2024-58292 | XMB Forum 1.9.12.06 Persistent Cross-Site Scripting via Admin Templates | xmbforum2 | XMB Forum | - | - | 2025-12-11 21:35:31 | Deep Dive |
| CVE-2025-12901 | Asgaros Forum <= 3.2.1 - Cross-Site Request Forgery to Subscription Settings Update | asgaros | Asgaros Forum | Medium | 4.3 | 2025-11-12 04:29:10 | Deep Dive |
| CVE-2025-11452 | Asgaros Forum <= 3.1.0 - Unauthenticated SQL Injection | asgaros | Asgaros Forum | High | 7.5 | 2025-11-08 02:28:02 | Deep Dive |
| CVE-2025-11740 | wpForo Forum <= 2.4.9 - Authenticated (Susbscriber+) SQL Injection | tomdever | wpForo Forum | Medium | 6.5 | 2025-11-01 05:40:24 | Deep Dive |
| CVE-2025-4203 | wpForo Forum <= 2.4.8 - Unauthenticated SQL Injection via get_members Function | tomdever | wpForo Forum | High | 7.5 | 2025-10-25 06:49:25 | Deep Dive |
| CVE-2025-8483 | Discussion Board – WordPress Forum Plugin <= 2.5.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | marketingfire | Discussion Board – WordPress Forum Plugin | Medium | 6.3 | 2025-10-25 06:49:24 | Deep Dive |
| CVE-2025-62606 | my little forum vulnerable to SQL Injection in Bookmark Reordering via bookmarks parameter | My-Little-Forum | mylittleforum | High | 8.8 | 2025-10-22 15:11:16 | Deep Dive |
| CVE-2025-10800 | itsourcecode Online Discussion Forum index.php sql injection | itsourcecode | Online Discussion Forum | High | 7.3 | 2025-09-22 13:32:09 | Deep Dive |