tomdever — Vulnerabilities & Security Advisories 17

Browse all 17 CVE security advisories affecting tomdever. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by tomdever: wpForo Forum

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-6248 | wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Custom Profile Field File Path | wpForo Forum | CWE-22 | 8.1 | High | 2026-04-20 |
| CVE-2026-4666 | wpForo Forum <= 2.4.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter | wpForo Forum | CWE-862 | 6.5 | Medium | 2026-04-17 |
| CVE-2026-5809 | wpForo Forum <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion via 'data[body][fileurl]' Parameter | wpForo Forum | CWE-73 | 7.1 | High | 2026-04-11 |
| CVE-2026-3666 | wpForo Forum <= 2.4.16 - Authenticated (Subscriber+) Arbitrary File Deletion via Post Body | wpForo Forum | CWE-22 | 8.8 | High | 2026-04-04 |
| CVE-2026-1581 | wpForo Forum <= 2.4.14 - Unauthenticated Time-Based SQL Injection | wpForo Forum | CWE-89 | 7.5 | High | 2026-02-19 |
| CVE-2026-0910 | wpForo Forum <= 2.4.13 - Authenticated (Subscriber+) PHP Object Injection | wpForo Forum | CWE-502 | 8.8 | High | 2026-02-11 |
| CVE-2025-66070 | WordPress wpForo Forum plugin <= 2.4.10 - Broken Access Control vulnerability | wpForo Forum | CWE-862 | 7.5 | High | 2025-12-18 |
| CVE-2025-13126 | wpForo Forum <= 2.4.12 - Unauthenticated SQL Injection | wpForo Forum | CWE-89 | 7.5 | High | 2025-12-14 |
| CVE-2025-11740 | wpForo Forum <= 2.4.9 - Authenticated (Subscriber+) SQL Injection | wpForo Forum | CWE-89 | 6.5 | Medium | 2025-11-01 |
| CVE-2025-4203 | wpForo Forum <= 2.4.8 - Unauthenticated SQL Injection via get_members Function | wpForo Forum | CWE-89 | 7.5 | High | 2025-10-25 |
| CVE-2025-58597 | WordPress wpForo Forum Plugin <= 2.4.6 - Insecure Direct Object References (IDOR) Vulnerability | wpForo Forum | CWE-639 | 4.3 | Medium | 2025-09-03 |
| CVE-2025-4406 | wpForo Forum <= 2.4.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Avatar | wpForo Forum | CWE-79 | 5.4 | Medium | 2025-07-10 |
| CVE-2025-31420 | WordPress wpForo Forum plugin <= 2.4.2 - Privilege Escalation vulnerability | wpForo Forum | CWE-266 | 8.8 (AI) | High (AI) | 2025-04-04 |
| CVE-2025-0764 | wpForo Forum <= 2.4.1 - Authenticated (Subscriber+) Arbitrary File Read in update | wpForo Forum | CWE-20 | 6.5 | Medium | 2025-02-28 |
| CVE-2023-47869 | WordPress wpForo plugin <= 2.2.5 - Broken Access Control + CSRF vulnerability | wpForo Forum | CWE-80 | 4.3 | Medium | 2024-12-09 |
| CVE-2024-3200 | wpForo Forum <= 2.3.3 - Authenticated (Contributor+) SQL Injection | wpForo Forum | CWE-89 | 9.9 | Critical | 2024-06-01 |
| CVE-2023-2249 | wpForo Forum <= 2.1.7 - Authenticated (Subscriber+) Local File Include, Server-Side Request Forgery, and PHAR Deserialization via file_get_contents | wpForo Forum | CWE-98 | 8.8 | High | 2023-06-09 |

This page lists every published CVE security advisory associated with tomdever. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.