VYPR

Wpforo Forum

by Gvectors

Source repositories

CVEs (26)

  • CVE-2026-28555Feb 28, 2026
    risk 0.00cvss epss 0.00

    wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforo_close_ajax handler. Attackers submit a valid nonce with an arbitrary topic ID to bypass the moderator permission requirement…

  • CVE-2026-28554Feb 28, 2026
    risk 0.00cvss epss 0.00

    wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to approve or unapprove any forum post via the wpforo_approve_ajax AJAX handler. Attackers exploit the nonce-only check by submitting a valid nonce with an arbitrary post ID…

  • CVE-2025-0764Feb 28, 2025
    risk 0.00cvss epss 0.00

    The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of the 'Members' class in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with subscriber-level…

  • CVE-2024-43289Aug 26, 2024
    risk 0.00cvss epss 0.00

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in gVectors Team wpForo Forum.This issue affects wpForo Forum: from n/a through 2.3.4.

  • CVE-2024-43288Aug 18, 2024
    risk 0.00cvss epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team wpForo Forum.This issue affects wpForo Forum: from n/a through 2.3.4.

  • CVE-2023-47868May 17, 2024
    risk 0.00cvss epss 0.00

    Improper Privilege Management vulnerability in wpForo wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a through 2.2.3.

Page 2 of 2