CVE-2024-3200 — CVSS 9.9 (critical): The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up…
CVE-2018-16613 — CVSS 9.8 (critical): An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum is able to…
CVE-2022-38144 — CVSS 8.8 (high): Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 at WordPress.
CVE-2023-2249 — CVSS 8.8 (high): The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in…
CVE-2026-28562 — CVSS 8.2 (high): wpForo 2.4.14 contains an unauthenticated SQL injection vulnerability in Topics::get_topics() where the ORDER BY clause relies on…
CVE-2024-43289 — CVSS 7.5 (high): Exposure of Sensitive Information to an Unauthorized Actor vulnerability in gVectors Team wpForo Forum.This issue affects wpForo Forum…
CVE-2023-47868 — CVSS 7.3 (high): Improper Privilege Management vulnerability in wpForo wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a…
CVE-2025-0764 — CVSS 6.5 (medium): The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of…
CVE-2023-47872 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team wpForo Forum allows…
CVE-2026-28557 — CVSS 6.5 (medium): wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup…
CVE-2026-28558 — CVSS 6.4 (medium): wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows authenticated subscribers to upload SVG files as…
CVE-2022-40206 — CVSS 6.3 (medium): Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or…
CVE-2018-11709 — CVSS 6.1 (medium): wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated…
CVE-2021-24406 — CVSS 6.1 (medium): The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an…
CVE-2023-2309 — CVSS 6.1 (medium): The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected…
CVE-2023-47870 — CVSS 5.7 (medium): Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request…
CVE-2026-28560 — CVSS 5.5 (medium): wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows script injection via forum URL data output into an…
CVE-2026-28561 — CVSS 5.5 (medium): wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via…
CVE-2022-40205 — CVSS 5.4 (medium): Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or…
CVE-2026-28556 — CVSS 5.4 (medium): wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split any forum…
CVE-2022-40632 — CVSS 5.4 (medium): Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion.
CVE-2026-28559 — CVSS 5.3 (medium): wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved…
CVE-2022-38055 — CVSS 4.3 (medium): Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content…
CVE-2023-47869 — CVSS 4.3 (medium): Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Code…
CVE-2026-28554 — CVSS 4.3 (medium): wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to approve or unapprove any forum…
CVE-2026-28555 — CVSS 4.3 (medium): wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic…
CVE-2024-43288 — CVSS 4.3 (medium): Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team wpForo Forum.This issue affects wpForo Forum: from n/a…