Every CVE whose affected-product data names Asgaros Asgaros Forum, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2023-5604 — CVSS 9.8 (critical): The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set…
CVE-2021-24827 — CVSS 9.8 (critical): The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a…
CVE-2022-0411 — CVSS 8.8 (high): The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a…
CVE-2024-22284 — CVSS 8.7 (high): Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum.This issue affects Asgaros Forum: from n/a through 2.7.2.
CVE-2021-25045 — CVSS 7.2 (high): The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement…
CVE-2022-41608 — CVSS 5.4 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum plugin <= 2.2.0 versions.
CVE-2021-42365 — CVSS 4.8 (medium): The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found…
CVE-2024-32440 — CVSS 4.3 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum.This issue affects Asgaros Forum: from n/a through 2.8.0.