VYPR

Forum

by Minibb

CVEs (7)

  • CVE-2026-5809HigApr 11, 2026
    risk 0.39cvss 7.1epss 0.01

    The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topic_add() and topic_edit() action handlers accept arbitrary user-supplied data[*] arrays from $_REQUEST and store…

  • CVE-2024-58292MedDec 11, 2025
    risk 0.34cvss epss 0.00

    XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling…

  • CVE-2006-5054Sep 28, 2006
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in uye/uye_ayrinti.asp in iyzi Forum 1 Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the uye_nu parameter.

  • CVE-2006-3690Jul 21, 2006
    risk 0.03cvss epss 0.04

    Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) components/com_minibb.php or (2) components/minibb/index.php.

  • CVE-2026-28560Feb 28, 2026
    risk 0.00cvss epss 0.00

    wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows script injection via forum URL data output into an inline script block using json_encode without the JSON_HEX_TAG flag. Attackers set a forum slug containing a closing script tag or unescaped…

  • CVE-2026-28559Feb 28, 2026
    risk 0.00cvss epss 0.00

    wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status…

  • CVE-2006-7153Mar 7, 2007
    risk 0.00cvss epss 0.04

    PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 allows remote attackers to execute arbitrary code via a URL in the pathToFiles parameter.