Gvectors Wpforo_forum

29 CVEs affecting Gvectors Wpforo_forum. Latest disclosed: 2026-02-28. Critical: 3, High: 6.

Top CVEs affecting Gvectors Wpforo_forum
CVESeverityScorePublishedSummary
CVE-2024-3200Critical9.92024-06-01The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up to, and including, 2…
CVE-2022-40200Critical9.92022-11-17Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.
CVE-2018-16613Critical9.82019-06-19An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum is able to escalate privilege to the f…
CVE-2023-2249High8.82023-06-09The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and includi…
CVE-2022-38144High8.82022-09-09Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 at WordPress.
CVE-2026-28562High8.22026-02-28wpForo 2.4.14 contains an unauthenticated SQL injection vulnerability in Topics::get_topics() where the ORDER BY clause relies on ineffective esc_sql() sanitiz…
CVE-2024-43289High7.52024-08-26Exposure of Sensitive Information to an Unauthorized Actor vulnerability in gVectors Team wpForo Forum.This issue affects wpForo Forum: from n/a through 2.3.4.
CVE-2023-47868High7.32024-05-17Improper Privilege Management vulnerability in wpForo wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a through 2.2.3.
CVE-2022-40192High7.12022-11-17Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.
CVE-2026-28557Medium6.52026-02-28wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpf…
CVE-2025-0764Medium6.52025-02-28The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of the 'Members' class i…
CVE-2023-47872Medium6.52023-11-30Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team wpForo Forum allows Stored XSS.This issue a…
CVE-2026-28558Medium6.42026-02-28wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows authenticated subscribers to upload SVG files as profile avatars through t…
CVE-2022-40206Medium6.32022-11-08Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles t…
CVE-2023-2309Medium6.12023-07-24The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting vulnera…
CVE-2021-24406Medium6.12021-07-06The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue aft…
CVE-2018-11709Medium6.12018-06-04wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripti…
CVE-2023-47870Medium5.72023-11-30Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functi…
CVE-2026-28561Medium5.52026-02-28wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description field…
CVE-2026-28560Medium5.52026-02-28wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows script injection via forum URL data output into an inline script block usi…