
Wpforo Forum

14 CVEs (product)


CVE-2026-49767 CRITICAL Act Now

Authentication bypass in the wpForo Forum WordPress plugin versions 3.1.0 and earlier allows remote unauthenticated attackers to compromise affected sites with high impact to confidentiality, integrity, and availability. The flaw is classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel) and carries a CVSS 9.8 rating, though no public exploit was identified at the time of analysis. The vulnerability is not currently listed in CISA KEV.

Tags: Information Disclosure, Wpforo Forum
Sources: NVD, VulDB
CVSS 3.1: 9.8
EPSS: 0.5%
CVE-2026-49769 CRITICAL Act Now

Unauthenticated PHP Object Injection in the wpForo Forum WordPress plugin versions 3.1.0 and earlier allows remote attackers to deliver untrusted serialized payloads that are deserialized by the plugin, leading to potential remote code execution, data tampering, and full site compromise depending on the POP gadget chains available on the site. The flaw is reachable without authentication over the network and carries a vendor CVSS of 9.8; no public exploit was identified at the time of analysis, and the issue is not currently on the CISA KEV list.

Tags: PHP Deserialization, Wpforo Forum
Sources: NVD
CVSS 3.1: 9.8
EPSS: 0.4%
CVE-2026-40798 CRITICAL Act Now

Unauthenticated SQL injection in the wpForo Forum WordPress plugin (versions 3.0.4 and earlier) allows remote attackers to inject arbitrary SQL into backend database queries without any credentials or user interaction. With a CVSS 3.1 score of 9.3 and a scope-changing vector, exploitation can expose data beyond the plugin's own context, though no public exploit was identified at the time of analysis and the vulnerability is not currently listed in CISA KEV.

Tags: SQLi, Wpforo Forum
Sources: NVD
CVSS 3.1: 9.3
EPSS: 0.3%
CVE-2026-40767 HIGH PATCH This Week

Unauthenticated information disclosure in the wpForo Forum WordPress plugin versions prior to 3.0.2 allows remote attackers to bypass access controls and read forum content that should be restricted. The flaw stems from improper permission preservation (CWE-281), letting unauthenticated users access data intended only for authorized members. No public exploit was identified at the time of analysis, but a vendor patch is available via the Patchstack advisory.

Tags: Information Disclosure, Wpforo Forum
Sources: NVD
CVSS 3.1: 7.5
EPSS: 0.3%
CVE-2026-28562 HIGH This Week

Unauthenticated SQL injection in wpForo 2.4.14 allows remote attackers to extract sensitive data from WordPress databases through the wpfob parameter via blind boolean-based attacks. The vulnerability stems from inadequate sanitization of ORDER BY clause identifiers, enabling credential theft without authentication. No patch is currently available for affected installations.

Tags: WordPress, SQLi, Wpforo Forum
Sources: NVD
CVSS 3.1: 8.2
EPSS: 0.0%
CVE-2026-28561 MEDIUM This Month

wpForo Forum 2.4.14 fails to properly sanitize forum description fields, enabling authenticated administrators to store malicious JavaScript that executes in the browsers of all users viewing forum listings. On multisite installations or when admin credentials are compromised, attackers can leverage this stored XSS to conduct persistent attacks against forum users. No patch is currently available for this vulnerability.

Tags: XSS, Wpforo Forum
Sources: NVD
CVSS 3.1: 5.5
EPSS: 0.0%
CVE-2026-28560 MEDIUM This Month

Stored XSS in wpForo Forum 2.4.14 allows authenticated administrators to inject malicious scripts into forum slugs that execute in all visitors' browsers due to improper JSON encoding. An attacker with high-level privileges can craft a forum URL containing unescaped characters to break out of JavaScript context and achieve arbitrary script execution. No patch is currently available for this vulnerability.

Tags: XSS, Wpforo Forum
Sources: NVD
CVSS 3.1: 5.5
EPSS: 0.0%
CVE-2026-28559 MEDIUM This Month

wpForo Forum 2.4.14 fails to properly enforce access controls on its RSS feed endpoint, enabling unauthenticated attackers to enumerate and access private or unapproved forum topics. By omitting the forum ID parameter in RSS feed requests, attackers bypass privacy filters that would normally restrict visibility of sensitive content. This information disclosure vulnerability affects forum administrators and users who rely on topic privacy settings to protect sensitive discussions.

Tags: Industrial, Information Disclosure, Wpforo Forum
Sources: NVD
CVSS 3.1: 5.3
EPSS: 0.1%
CVE-2026-28558 MEDIUM This Month

Stored XSS in wpForo Forum 2.4.14 allows authenticated users to inject malicious code through SVG profile avatars, which executes when other users view the attacker's profile. An authenticated attacker can leverage this to steal session tokens, redirect victims, or perform actions on their behalf with no user interaction required. No patch is currently available for this vulnerability.

Tags: XSS, Wpforo Forum
Sources: NVD
CVSS 3.1: 6.4
EPSS: 0.0%
CVE-2026-28557 MEDIUM This Month

Unauthorized usergroup reassignment in wpForo Forum 2.4.14 allows any authenticated user to remap all forum usergroups to arbitrary WordPress roles through a missing capability check in the wpforo_synch_roles AJAX handler. An attacker can obtain a valid nonce from the publicly accessible usergroups admin page and execute bulk privilege escalation affecting all forum users. No patch is currently available for this vulnerability.

Tags: WordPress, Wpforo Forum
Sources: NVD
CVSS 3.1: 6.5
EPSS: 0.0%
CVE-2026-28556 MEDIUM This Month

wpForo Forum 2.4.14 fails to properly authorize topic management operations, allowing authenticated users to move, merge, or split any forum topic regardless of their moderator status. Attackers with valid subscriber accounts can reorganize forum content and relocate discussions to restricted areas without appropriate permissions. No patch is currently available for this medium-severity vulnerability.

Tags: Industrial, Wpforo Forum
Sources: NVD
CVSS 3.1: 5.4
EPSS: 0.0%
CVE-2026-28555 MEDIUM This Month

Authenticated users in wpForo Forum 2.4.14 can manipulate forum topic states by exploiting improper authorization checks in the wpforo_close_ajax handler, allowing them to close or reopen discussions they should not have permission to modify. An attacker with subscriber privileges can craft requests with valid nonces to bypass moderator permission validation and disrupt forum operations. No patch is currently available for this vulnerability.

Tags: Authentication Bypass, Wpforo Forum
Sources: NVD
CVSS 3.1: 4.3
EPSS: 0.0%
CVE-2026-28554 MEDIUM This Month

Insufficient authorization controls in wpForo Forum 2.4.14 enable authenticated users to manipulate forum post moderation status through the wpforo_approve_ajax handler, allowing them to approve or reject posts outside their assigned permissions. The vulnerability relies on nonce-only validation that fails to verify user role authorization before processing moderation actions. No patch is currently available; the flaw undermines forum administrators' ability to maintain content moderation integrity on affected installations.

Tags: Authentication Bypass, Wpforo Forum
Sources: NVD
CVSS 3.1: 4.3
EPSS: 0.0%
CVE-2025-0764 MEDIUM PATCH This Month

The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of the 'Members' class in all versions up to, and including,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable with low attack complexity.

Tags: WordPress, Information Disclosure, Wpforo Forum, PHP
Sources: NVD
CVSS 3.1: 6.5
EPSS: 0.2%