Wpforo Forum
by Gvectors
Source repositories
CVEs (26)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-28555 | 0.00 | — | 0.00 | Feb 28, 2026 | wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforo_close_ajax handler. Attackers submit a valid nonce with an arbitrary topic ID to bypass the moderator permission requirement… | |||
| CVE-2026-28554 | 0.00 | — | 0.00 | Feb 28, 2026 | wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to approve or unapprove any forum post via the wpforo_approve_ajax AJAX handler. Attackers exploit the nonce-only check by submitting a valid nonce with an arbitrary post ID… | |||
| CVE-2025-0764 | 0.00 | — | 0.00 | Feb 28, 2025 | The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of the 'Members' class in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with subscriber-level… | |||
| CVE-2024-43289 | 0.00 | — | 0.00 | Aug 26, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in gVectors Team wpForo Forum.This issue affects wpForo Forum: from n/a through 2.3.4. | |||
| CVE-2024-43288 | 0.00 | — | 0.00 | Aug 18, 2024 | Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team wpForo Forum.This issue affects wpForo Forum: from n/a through 2.3.4. | |||
| CVE-2023-47868 | 0.00 | — | 0.00 | May 17, 2024 | Improper Privilege Management vulnerability in wpForo wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a through 2.2.3. |
- CVE-2026-28555Feb 28, 2026risk 0.00cvss —epss 0.00
wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforo_close_ajax handler. Attackers submit a valid nonce with an arbitrary topic ID to bypass the moderator permission requirement…
- CVE-2026-28554Feb 28, 2026risk 0.00cvss —epss 0.00
wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to approve or unapprove any forum post via the wpforo_approve_ajax AJAX handler. Attackers exploit the nonce-only check by submitting a valid nonce with an arbitrary post ID…
- CVE-2025-0764Feb 28, 2025risk 0.00cvss —epss 0.00
The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of the 'Members' class in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with subscriber-level…
- CVE-2024-43289Aug 26, 2024risk 0.00cvss —epss 0.00
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in gVectors Team wpForo Forum.This issue affects wpForo Forum: from n/a through 2.3.4.
- CVE-2024-43288Aug 18, 2024risk 0.00cvss —epss 0.00
Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team wpForo Forum.This issue affects wpForo Forum: from n/a through 2.3.4.
- CVE-2023-47868May 17, 2024risk 0.00cvss —epss 0.00
Improper Privilege Management vulnerability in wpForo wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a through 2.2.3.
Page 2 of 2