Medium severity5.7NVD Advisory· Published Nov 30, 2023· Updated Apr 28, 2026

CVE-2023-47870

Description

Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through 2.2.6.

Affected products

Gvectors/Wpforo Forum
cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:*
Range: <=2.2.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-plugin-2-2-3-cross-site-request-forgery-csrf-vulnerabilitynvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.371
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000