Forum
by Minibb
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-5809 | Hig | 0.39 | 7.1 | 0.01 | Apr 11, 2026 | The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topic_add() and topic_edit() action handlers accept arbitrary user-supplied data[*] arrays from $_REQUEST and store… | ||
| CVE-2024-58292 | Med | 0.34 | — | 0.00 | Dec 11, 2025 | XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling… | ||
| CVE-2006-5054 | 0.03 | — | 0.01 | Sep 28, 2006 | SQL injection vulnerability in uye/uye_ayrinti.asp in iyzi Forum 1 Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the uye_nu parameter. | |||
| CVE-2006-3690 | 0.03 | — | 0.04 | Jul 21, 2006 | Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) components/com_minibb.php or (2) components/minibb/index.php. | |||
| CVE-2026-28560 | 0.00 | — | 0.00 | Feb 28, 2026 | wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows script injection via forum URL data output into an inline script block using json_encode without the JSON_HEX_TAG flag. Attackers set a forum slug containing a closing script tag or unescaped… | |||
| CVE-2026-28559 | 0.00 | — | 0.00 | Feb 28, 2026 | wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status… | |||
| CVE-2006-7153 | 0.00 | — | 0.04 | Mar 7, 2007 | PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 allows remote attackers to execute arbitrary code via a URL in the pathToFiles parameter. |
- risk 0.39cvss 7.1epss 0.01
The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topic_add() and topic_edit() action handlers accept arbitrary user-supplied data[*] arrays from $_REQUEST and store…
- risk 0.34cvss —epss 0.00
XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling…
- CVE-2006-5054Sep 28, 2006risk 0.03cvss —epss 0.01
SQL injection vulnerability in uye/uye_ayrinti.asp in iyzi Forum 1 Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the uye_nu parameter.
- CVE-2006-3690Jul 21, 2006risk 0.03cvss —epss 0.04
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) components/com_minibb.php or (2) components/minibb/index.php.
- CVE-2026-28560Feb 28, 2026risk 0.00cvss —epss 0.00
wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows script injection via forum URL data output into an inline script block using json_encode without the JSON_HEX_TAG flag. Attackers set a forum slug containing a closing script tag or unescaped…
- CVE-2026-28559Feb 28, 2026risk 0.00cvss —epss 0.00
wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status…
- CVE-2006-7153Mar 7, 2007risk 0.00cvss —epss 0.04
PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 allows remote attackers to execute arbitrary code via a URL in the pathToFiles parameter.