📦 Wpforo Forum
by Gvectors
🔍 What is Wpforo Forum?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
This SQL injection vulnerability in the wpForo Forum WordPress plugin allows authenticated attackers with contributor-level access or higher to inject malicious SQL queries via the 'slug' parameter in...
CVE-2026-28562 is an unauthenticated SQL injection vulnerability in wpForo WordPress plugin versions 2.4.14 and earlier. Attackers can exploit the wpfob parameter to extract sensitive data like WordPr...
This CSRF vulnerability in the wpForo Forum WordPress plugin allows attackers to force all users to log out by tricking authenticated administrators into clicking malicious links. It affects all wpFor...
wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability where administrators can inject persistent JavaScript via forum description fields. The malicious code executes when any user v...
wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforo_close_ajax handler. Attackers can submit a va...
This vulnerability in wpForo Forum allows authenticated users to reassign all forum user groups to arbitrary WordPress roles, enabling privilege escalation. Any WordPress site running the vulnerable w...
wpForo Forum 2.4.14 contains an information disclosure vulnerability where unauthenticated attackers can access private and unapproved forum topics through the global RSS feed endpoint. This affects a...
The wpForo Forum WordPress plugin has an arbitrary file read vulnerability that allows authenticated attackers with subscriber-level access or higher to read any file on the server. This affects all v...
This vulnerability allows attackers to inject malicious scripts into wpForo Forum WordPress plugin pages through improper HTML tag neutralization. It affects all WordPress sites using wpForo Forum ver...