
wpForo Forum — Vulnerabilities & Security Advisories 34

All 34 CVE vulnerabilities found in wpForo Forum, with AI-generated Chinese analysis, references, and POCs.

Vendor: gVectors Team

| CVE ID | Title | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|
| CVE-2026-6248 | wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Custom Profile Field File Path | CWE-22 | 8.1 | High | 2026-04-20 |
| CVE-2026-4666 | wpForo Forum <= 2.4.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter | CWE-862 | 6.5 | Medium | 2026-04-17 |
| CVE-2026-5809 | wpForo Forum <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion via 'data[body][fileurl]' Parameter | CWE-73 | 7.1 | High | 2026-04-11 |
| CVE-2026-3666 | wpForo Forum <= 2.4.16 - Authenticated (Subscriber+) Arbitrary File Deletion via Post Body | CWE-22 | 8.8 | High | 2026-04-04 |
| CVE-2026-28562 | wpForo Forum 2.4.14 SQL Injection via Topics ORDER BY Parameter | CWE-89 | 8.2 | High | 2026-02-28 |
| CVE-2026-28561 | wpForo Forum 2.4.14 Stored XSS via Unescaped Forum Description in Templates | CWE-79 | 5.5 | Medium | 2026-02-28 |
| CVE-2026-28560 | wpForo Forum 2.4.14 Stored XSS via Unsafe JSON Encoding in Inline Script | CWE-79 | 5.5 | Medium | 2026-02-28 |
| CVE-2026-28559 | wpForo Forum 2.4.14 Information Disclosure via Global RSS Feed | CWE-200 | 5.3 | Medium | 2026-02-28 |
| CVE-2026-28558 | wpForo Forum 2.4.14 Stored XSS via SVG Avatar File Upload | CWE-79 | 6.4 | Medium | 2026-02-28 |
| CVE-2026-28557 | wpForo Forum 2.4.14 Privilege Escalation via Role Synchronization Handler | CWE-862 | 6.5 | Medium | 2026-02-28 |
| CVE-2026-28556 | wpForo Forum 2.4.14 Missing Authorization via Topic Management Form Handlers | CWE-862 | 5.4 | Medium | 2026-02-28 |
| CVE-2026-28555 | wpForo Forum 2.4.14 Missing Authorization via Topic Close AJAX Handler | CWE-862 | 4.3 | Medium | 2026-02-28 |
| CVE-2026-28554 | wpForo Forum 2.4.14 Missing Authorization via Post Approval AJAX Handler | CWE-862 | 4.3 | Medium | 2026-02-28 |
| CVE-2026-1581 | wpForo Forum <= 2.4.14 - Unauthenticated Time-Based SQL Injection | CWE-89 | 7.5 | High | 2026-02-19 |
| CVE-2026-0910 | wpForo Forum <= 2.4.13 - Authenticated (Subscriber+) PHP Object Injection | CWE-502 | 8.8 | High | 2026-02-11 |
| CVE-2025-66070 | WordPress wpForo Forum plugin <= 2.4.10 - Broken Access Control vulnerability | CWE-862 | 7.5 | High | 2025-12-18 |
| CVE-2025-13126 | wpForo Forum <= 2.4.12 - Unauthenticated SQL Injection | CWE-89 | 7.5 | High | 2025-12-14 |
| CVE-2025-11740 | wpForo Forum <= 2.4.9 - Authenticated (Subscriber+) SQL Injection | CWE-89 | 6.5 | Medium | 2025-11-01 |
| CVE-2025-4203 | wpForo Forum <= 2.4.8 - Unauthenticated SQL Injection via get_members Function | CWE-89 | 7.5 | High | 2025-10-25 |
| CVE-2025-58597 | WordPress wpForo Forum Plugin <= 2.4.6 - Insecure Direct Object References (IDOR) Vulnerability | CWE-639 | 4.3 | Medium | 2025-09-03 |
| CVE-2025-4406 | wpForo Forum <= 2.4.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Avatar | CWE-79 | 5.4 | Medium | 2025-07-10 |
| CVE-2025-31420 | WordPress wpForo Forum plugin <= 2.4.2 - Privilege Escalation vulnerability | CWE-266 | 8.8 (AI) | High (AI) | 2025-04-04 |
| CVE-2025-0764 | wpForo Forum <= 2.4.1 - Authenticated (Subscriber+) Arbitrary File Read in update | CWE-20 | 6.5 | Medium | 2025-02-28 |
| CVE-2023-47869 | WordPress wpForo plugin <= 2.2.5 - Broken Access Control + CSRF vulnerability | CWE-80 | 4.3 | Medium | 2024-12-09 |
| CVE-2024-43289 | WordPress wpForo Forum plugin <= 2.3.4 - Unauthenticated Sensitive Data Exposure vulnerability | CWE-200 | 7.5 | High | 2024-08-26 |
| CVE-2024-43288 | WordPress wpForo Forum plugin <= 2.3.4 - Insecure Direct Object References (IDOR) vulnerability | CWE-639 | 4.3 | Medium | 2024-08-18 |
| CVE-2022-38055 | WordPress wpForo Forum plugin <= 2.0.9 - Auth. HTML Injection vulnerability | CWE-80 | 4.3 | Medium | 2024-06-21 |
| CVE-2024-3200 | wpForo Forum <= 2.3.3 - Authenticated (Contributor+) SQL Injection | CWE-89 | 9.9 | Critical | 2024-06-01 |
| CVE-2023-47868 | WordPress wpForo plugin <= 2.2.3 - Privilege Escalation vulnerability | CWE-269 | 7.3 | High | 2024-05-17 |
| CVE-2023-47870 | WordPress wpForo Forum Plugin <= 2.2.6 is vulnerable to Broken Access Control and Cross Site Request Forgery (CSRF) | CWE-352 | 7.1 | High | 2023-11-30 |

All 34 known CVE vulnerabilities affecting wpForo Forum with full Chinese analysis, references, and POCs where available.