What is CVE-2025-0764?

CVE-2025-0764 is a medium-severity vulnerability in Tomdever Wpforo Forum, classified under Improper Input Validation. CVSS score: 6.5/10. Published 2025-02-28.

How severe is CVE-2025-0764?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Is CVE-2025-0764 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Tomdever Wpforo Forum

CVE-2025-0764

The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of the 'Members' class in all versions up to, and including, 2.4.1. This makes it possible for authentic…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (30.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Tomdever Wpforo Forum — versions 0

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

20142995/nuclei-templates

References

Frequently asked questions

What is CVE-2025-0764?: CVE-2025-0764 is a medium-severity vulnerability in Tomdever Wpforo Forum, classified under Improper Input Validation. CVSS score: 6.5/10. Published 2025-02-28.
How severe is CVE-2025-0764?: Medium severity. CVSS v3 base score is 6.5 out of 10.
Is CVE-2025-0764 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.