Tomdever Wpforo Forum
17 CVEs affecting Tomdever Wpforo Forum. Latest disclosed: 2026-06-01. Critical: 2, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-3200 | Critical | 9.9 | 2024-06-01 | The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up to, and including, 2… |
| CVE-2026-42682 | Critical | 9.1 | 2026-06-01 | Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpFor… |
| CVE-2026-3666 | High | 8.8 | 2026-04-04 | The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.4.16. This is due to a missing file name… |
| CVE-2026-0910 | High | 8.8 | 2026-02-11 | The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input… |
| CVE-2023-2249 | High | 8.8 | 2023-06-09 | The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and includi… |
| CVE-2026-6248 | High | 8.1 | 2026-04-20 | The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the… |
| CVE-2025-31420 | High | 7.6 | 2025-04-04 | Incorrect Privilege Assignment vulnerability in Tomdever wpForo Forum wpforo allows Privilege Escalation. This issue affects wpForo Forum: from n/a through <= 2… |
| CVE-2026-1581 | High | 7.5 | 2026-02-19 | The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpfob' parameter in all versions up to, and including, 2.4.14 due to i… |
| CVE-2025-66070 | High | 7.5 | 2025-12-18 | Missing Authorization vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects… |
| CVE-2025-13126 | High | 7.5 | 2025-12-14 | The wpForo Forum plugin for WordPress is vulnerable to generic SQL Injection via the `post_args` and `topic_args` parameters in all versions up to, and includi… |
| CVE-2025-4203 | High | 7.5 | 2025-10-25 | The wpForo Forum plugin for WordPress is vulnerable to error‐based or time-based SQL Injection via the get_members() function in all versions up to, and includ… |
| CVE-2026-5809 | High | 7.1 | 2026-04-11 | The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the… |
| CVE-2026-4666 | Medium | 6.5 | 2026-04-17 | The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of `extract($args, EXTR_OVERWRITE)` on user-controlled… |
| CVE-2025-11740 | Medium | 6.5 | 2025-11-01 | The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the Subscriptions Manager in all versions up to, and including, 2.4.9 due to insuffici… |
| CVE-2025-0764 | Medium | 6.5 | 2025-02-28 | The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of the 'Members' class i… |
| CVE-2025-4406 | Medium | 5.4 | 2025-07-10 | The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.4.5 due to insu… |
| CVE-2025-58597 | Medium | 4.3 | 2025-09-03 | Authorization Bypass Through User-Controlled Key vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security… |