Skip to main content

Asgaros Forum

6 CVEs product

Monthly

CVE-2024-32440 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum.8.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Asgaros Forum
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-22284 HIGH This Week

Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum.7.2. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Asgaros Forum
NVD
CVSS 3.1
8.7
EPSS
0.7%
CVE-2023-5604 CRITICAL POC Act Now

The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection WordPress PHP Asgaros Forum
NVD WPScan
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-0411 HIGH POC This Week

The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Asgaros Forum
NVD WPScan
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-42365 MEDIUM PATCH This Month

The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the ~/admin/tables/admin-structure-table.php file which. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS PHP Asgaros Forum
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-24827 CRITICAL POC PATCH THREAT Act Now

The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress SQLi Asgaros Forum
NVD WPScan
CVSS 3.1
9.8
EPSS
13.3%
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum.8.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Asgaros Forum
NVD
EPSS 1% CVSS 8.7
HIGH This Week

Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum.7.2. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Asgaros Forum
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection WordPress +2
NVD WPScan
EPSS 1% CVSS 8.8
HIGH POC This Week

The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Asgaros Forum
NVD WPScan
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the ~/admin/tables/admin-structure-table.php file which. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS PHP +1
NVD
EPSS 13% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress SQLi Asgaros Forum
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy