Wpforo Forum

CVEs (4)

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-66070	WordPress Wpforo	Hig	0.49	7.5	Dec 18, 2025	Missing Authorization vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpForo Forum: from n/a through <= 2.4.10.
CVE-2025-31420	WordPress Wpforo	Hig	0.49	7.6	Apr 4, 2025	Incorrect Privilege Assignment vulnerability in Tomdever wpForo Forum wpforo allows Privilege Escalation.This issue affects wpForo Forum: from n/a through <= 2.4.2.
CVE-2025-58597	WordPress Wpforo	Med	0.28	4.3	Sep 3, 2025	Authorization Bypass Through User-Controlled Key vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpForo Forum: from n/a through <= 2.4.6.
CVE-2025-0764	Tomdever Wpforo Forum		0.00	—	Feb 28, 2025	The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of the 'Members' class in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with subscriber-level privileges or higher, to read arbitrary files on the server.

CVE-2025-66070HigDec 18, 2025
WordPress
Wpforo
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpForo Forum: from n/a through <= 2.4.10.
CVE-2025-31420HigApr 4, 2025
WordPress
Wpforo
risk 0.49cvss 7.6epss 0.00
Incorrect Privilege Assignment vulnerability in Tomdever wpForo Forum wpforo allows Privilege Escalation.This issue affects wpForo Forum: from n/a through <= 2.4.2.
CVE-2025-58597MedSep 3, 2025
WordPress
Wpforo
risk 0.28cvss 4.3epss 0.00
Authorization Bypass Through User-Controlled Key vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpForo Forum: from n/a through <= 2.4.6.
CVE-2025-0764Feb 28, 2025
Tomdever
Wpforo Forum
risk 0.00cvss —epss 0.00
The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of the 'Members' class in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with subscriber-level privileges or higher, to read arbitrary files on the server.