VYPR
Vendor

Asgaros

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2024-22284HigJan 24, 2024
    risk 0.50cvss 8.7epss 0.01

    Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum.This issue affects Asgaros Forum: from n/a through 2.7.2.

  • CVE-2025-11452HigNov 8, 2025
    risk 0.42cvss 7.5epss 0.00

    The Asgaros Forum plugin for WordPress is vulnerable to SQL Injection via the '$_COOKIE['asgarosforum_unread_exclude']' cookie in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the…

  • CVE-2025-39514MedApr 16, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asgaros Asgaros Forum asgaros-forum allows Stored XSS.This issue affects Asgaros Forum: from n/a through <= 3.2.1.

  • CVE-2025-32227MedApr 10, 2025
    risk 0.28cvss 4.3epss 0.00

    Authentication Bypass by Spoofing vulnerability in Asgaros Asgaros Forum asgaros-forum allows Identity Spoofing.This issue affects Asgaros Forum: from n/a through <= 3.0.0.

  • CVE-2025-12901MedNov 12, 2025
    risk 0.21cvss 4.3epss 0.00

    The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing nonce validation on the set_subscription_level() function. This makes it possible for unauthenticated attackers to modify the…

  • CVE-2024-32440MedApr 15, 2024
    risk 0.21cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum.This issue affects Asgaros Forum: from n/a through 2.8.0.

  • CVE-2021-42365Nov 29, 2021
    risk 0.00cvss epss 0.01

    The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the ~/admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web…