CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43288 – WordPress wpForo Forum plugin <= 2.3.4 - Insecure Direct Object References (IDOR) vulnerability
https://notcve.org/view.php?id=CVE-2024-43288
Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team wpForo Forum.This issue affects wpForo Forum: from n/a through 2.3.4. The wpForo Forum plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.3.4 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-forum-plugin-2-3-4-insecure-direct-object-references-idor-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43289 – WordPress wpForo Forum plugin <= 2.3.4 - Unauthenticated Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-43289
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in gVectors Team wpForo Forum.This issue affects wpForo Forum: from n/a through 2.3.4. The wpForo Forum plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.4. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-forum-plugin-2-3-4-unauthenticated-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47868 – WordPress wpForo plugin <= 2.2.3 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2023-47868
Improper Privilege Management vulnerability in wpForo wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a through 2.2.3. Vulnerabilidad de gestión de privilegios incorrecta en wpForo wpForo Forum permite la escalada de privilegios. Este problema afecta a wpForo Forum: desde n/a hasta 2.2.3. The wpForo Forum plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.2.3. This is due to incorrect assignment of user permissions during registration. • https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-plugin-2-2-3-privilege-escalation-vulnerability?_s_id=cve • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47869 – wpForo Forum <= 2.2.5 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-47869
The wpForo Forum plugin for WordPress is vulnerable to unauthorized control of data due to a missing capability check on an unknown function in all versions up to, and including, 2.2.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. • CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19112 – wpForo Forum <= 1.6.5 - Cross-Site Scripting via wpf-dw-td-value class
https://notcve.org/view.php?id=CVE-2019-19112
The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw-td-value class of dashboard.php. El plugin wpForo versión 1.6.5 para WordPress, permite un ataque de tipo XSS involucrando la clase wpf-dw-td-value del archivo dashboard.php • https://twitter.com/Sh0ckFR/status/1257298443527053313 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •