VYPR

Asgaros Forum

by WordPress

CVEs (9)

  • CVE-2024-22284 | High | Jan 24, 2024
    risk 0.50 | cvss 8.7 | epss 0.01

    Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum. This issue affects Asgaros Forum: from n/a through 2.7.2.

  • CVE-2025-11452 | High | Nov 8, 2025
    risk 0.42 | cvss 7.5 | epss 0.00

    The Asgaros Forum plugin for WordPress is vulnerable to SQL Injection via the '$_COOKIE['asgarosforum_unread_exclude']' cookie in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the…

  • CVE-2025-12901 | Medium | Nov 12, 2025
    risk 0.21 | cvss 4.3 | epss 0.00

    The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing nonce validation on the set_subscription_level() function. This makes it possible for unauthenticated attackers to modify the…

  • CVE-2024-32440 | Medium | Apr 15, 2024
    risk 0.21 | cvss 4.3 | epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum. This issue affects Asgaros Forum: from n/a through 2.8.0.

  • CVE-2021-24827 | Nov 8, 2021
    risk 0.05 | cvss | epss 0.13

    The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue.

  • CVE-2023-5604 | Nov 27, 2023
    risk 0.01 | cvss | epss 0.02

    The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code…

  • CVE-2022-41608 | May 22, 2023
    risk 0.00 | cvss | epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum plugin <= 2.2.0 versions.

  • CVE-2022-0411 | Feb 28, 2022
    risk 0.00 | cvss | epss 0.01

    The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated user), leading to a SQL injection.

  • CVE-2021-25045 | Jan 24, 2022
    risk 0.00 | cvss | epss 0.01

    The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue.