9 results (0.007 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team wpForo Forum.This issue affects wpForo Forum: from n/a through 2.3.4. The wpForo Forum plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.3.4 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-forum-plugin-2-3-4-insecure-direct-object-references-idor-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in gVectors Team wpForo Forum.This issue affects wpForo Forum: from n/a through 2.3.4. The wpForo Forum plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.4. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-forum-plugin-2-3-4-unauthenticated-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Improper Privilege Management vulnerability in wpForo wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a through 2.2.3. Vulnerabilidad de gestión de privilegios incorrecta en wpForo wpForo Forum permite la escalada de privilegios. Este problema afecta a wpForo Forum: desde n/a hasta 2.2.3. The wpForo Forum plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.2.3. This is due to incorrect assignment of user permissions during registration. • https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-plugin-2-2-3-privilege-escalation-vulnerability?_s_id=cve • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

The wpForo Forum plugin for WordPress is vulnerable to unauthorized control of data due to a missing capability check on an unknown function in all versions up to, and including, 2.2.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. • CWE-862: Missing Authorization •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw-td-value class of dashboard.php. El plugin wpForo versión 1.6.5 para WordPress, permite un ataque de tipo XSS involucrando la clase wpf-dw-td-value del archivo dashboard.php • https://twitter.com/Sh0ckFR/status/1257298443527053313 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •