#wpForo
CVE-2025-4224 - WordPress wpForo Advanced Attachments Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-4224

Published : June 3, 2025, 3:15 a.m. | 1 hour, 14 minutes ago

Description : The wpForo + wpForo Advanced Attachments plugin for WordPress is vulnerable t...
The wpForo + wpForo Advanced Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload names in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and above, to inject arbitrary …
cvefeed.io
June 3, 2025 at 4:32 AM
Turn your LMS into a social learning hub! 🎓💬
LearnDash wpForo links courses with interactive forums for discussions, questions & peer support.

🔗 bit.ly/4aPlQyp

#LearnDash #wpForo #WordPressLMS #ELearningCommunity
December 8, 2025 at 3:00 PM
You can now share your thoughts on vulnerability CVE-2025-31420 in Vulnerability-Lookup:
https://vulnerability.circl.lu/vuln/CVE-2025-31420

Tomdever - wpForo Forum

#vulnerabilitylookup #vulnerability #cybersecurity #bot
cvelistv5 - CVE-2025-31420
Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.
vulnerability.circl.lu
April 4, 2025 at 2:09 PM
April 7, 2025 at 5:09 AM
wpForo Forum <= 2.4.12 - Unauthenticated SQL Injection
The wpForo Forum plugin for WordPress is vulnerable to generic SQL Injection via the `post_args` and `topic_args`...

Origin | Interest | Match
CVE-2025-13126 | THREATINT
CVE-2025-13126: The wpForo Forum plugin for WordPress is vulnerable to generic SQL Injection via the `post_args` and `topic_args` parameters in all versions up to, and including, 2.4.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparat...
cve.threatint.eu
December 14, 2025 at 5:20 AM
ID: CVE-2024-43289
CVSS V3.1: HIGH
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in gVectors Team wpForo Forum. This issue affects wpForo Forum: from n/a through 2.3.4.
#security #infosec #cve-alert
nvd.nist.gov
August 26, 2024 at 4:15 PM
@cheziceman Since reCaptcha v2 is being bypassed by some bots on the wpForo forum, I no longer had any doubts on the subject.
Two effective countermeasures:
- pre-moderation for unregistered users + moderator approval of registrations
- multi-factor authentication
The human will be […]
Original post on mastodon.social
mastodon.social
September 28, 2024 at 7:51 AM
wpForo Forum <= 2.4.8 - Unauthenticated SQL Injection via get_members Functio...
The wpForo Forum plugin for WordPress is vulnerable to error‐based or time-based SQL Injection via the get_memb...

Origin | Interest | Match
CVE-2025-4203 | THREATINT
CVE-2025-4203: The wpForo Forum plugin for WordPress is vulnerable to error‐based or time-based SQL Injection via the get_members() function in all versions up to, and including, 2.4.8 due to missing integer validation on the 'offset' and 'row_count' parameters. The function b...
cve.threatint.eu
October 25, 2025 at 9:17 AM
ID: CVE-2022-38055
CVSS V3.1: MEDIUM
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing. This issue affects wpForo Forum: from n/a through 2.0.9.
#security #infosec #cve-alert
nvd.nist.gov
June 21, 2024 at 4:15 PM
The wpForo Forum plugin for WordPress was graded with the Plugin Security Scorecard and got a D.
Security Scorecard for wpForo Forum Plugin for WordPress
The wpForo Forum plugin for WordPress has a security grade of D.
www.pluginvulnerabilities.com
May 6, 2025 at 8:21 PM
🎉 BuddyX Theme v4.9.1 Released!
Now with better FluentCart integration, improved UI, and LearnDash + wpForo compatibility fixes.

🔗 wbcomdesigns.com/cha...

#WordPress #ThemeUpdate #BuddyXTheme #WbcomDesigns
October 30, 2025 at 5:00 PM
You can now share your thoughts on vulnerability CVE-2025-66070 in Vulnerability-Lookup:
https://vulnerability.circl.lu/vuln/CVE-2025-66070

Tomdever - wpForo Forum

#vulnerabilitylookup #vulnerability #cybersecurity #bot
cvelistv5 - CVE-2025-66070
Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.
vulnerability.circl.lu
December 18, 2025 at 8:09 AM
You can now share your thoughts on vulnerability CVE-2025-4406 in Vulnerability-Lookup:
https://vulnerability.circl.lu/vuln/CVE-2025-4406

tomdever - wpForo Forum

#vulnerabilitylookup #vulnerability #cybersecurity #bot
cvelistv5 - CVE-2025-4406
Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.
vulnerability.circl.lu
July 10, 2025 at 1:53 AM
ID: CVE-2024-43288
CVSS V3.1: MEDIUM
Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team wpForo Forum. This issue affects wpForo Forum: from n/a through 2.3.4.
#security #infosec #cve-alert
nvd.nist.gov
August 18, 2024 at 10:16 PM
You can now share your thoughts on vulnerability CVE-2025-13126 in Vulnerability-Lookup:
https://vulnerability.circl.lu/vuln/CVE-2025-13126

tomdever - wpForo Forum

#vulnerabilitylookup #vulnerability #cybersecurity #bot
cvelistv5 - CVE-2025-13126
Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.
vulnerability.circl.lu
December 14, 2025 at 4:51 AM
wpForo Forum plugin for WordPress (≤2.4.12) hit by HIGH severity SQL Injection flaw—unauthenticated attackers can steal forum data. No patch yet: use WAF & input validation. Details: https://radar.offseq.com/threat/cve-2025-13126-cwe-89-improper-neutralization-of-s-ffb42f94 #OffSeq #WordPress #SQ...
December 14, 2025 at 5:33 AM
CVE-2025-66070 - WordPress wpForo Forum plugin
CVE ID : CVE-2025-66070

Published : Dec. 18, 2025, 8:16 a.m. | 52 minutes ago

Description : Missing Authorization vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security...
CVE-2025-66070 - WordPress wpForo Forum plugin <= 2.4.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through
cvefeed.io
December 18, 2025 at 9:16 AM
CVE-2025-13126 - wpForo Forum
CVE ID : CVE-2025-13126

Published : Dec. 14, 2025, 5:15 a.m. | 1 hour, 52 minutes ago

Description : The wpForo Forum plugin for WordPress is vulnerable to generic SQL Injection via the `post_args` and `topic_args` parameters in all versions ...
CVE-2025-13126 - wpForo Forum <= 2.4.12 - Unauthenticated SQL Injection
The wpForo Forum plugin for WordPress is vulnerable to generic SQL Injection via the `post_args` and `topic_args` parameters in all versions up to, and including, 2.4.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for …
cvefeed.io
December 14, 2025 at 7:27 AM
Transform your WordPress LMS with LearnDash wpForo!
Discover more: https://wbcomdesigns.com/downloads/learndash-wpforo/

Elevate Your E-Learning Experience by seamlessly integrating forums into your courses.

#LearnDash #wpForo #eLearning #SocialLearning #Engagement #OnlineEducation
April 26, 2024 at 3:00 AM
wpForo Forum plugin (≤2.4.8) hit with HIGH severity SQL Injection (CVE-2025-4203). Unauthenticated exploit: data at risk. Update ASAP, use WAF to block malicious input. https://radar.offseq.com/threat/cve-2025-4203-cwe-89-improper-neutralization-of-sp-fb9d1208 #OffSeq #WordPress #SQLInjection
October 26, 2025 at 10:31 AM