Product

gvectors wpforo forum

29 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-28562
>= 2.4.0 and < 2.4.15
wpForo 2.4.14 contains an unauthenticated SQL injection vulnerability in Topics::get_topics() where the ORDER BY clause relies on
8.2 HIGH
CVE-2026-28561
>= 2.4.0 and < 2.4.16
wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScrip
5.5 MEDIUM
CVE-2026-28560
>= 2.4.0 and < 2.4.16
wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows script injection via forum URL data output in
5.5 MEDIUM
CVE-2026-28559
>= 2.4.0 and < 2.4.16
wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and una
5.3 MEDIUM
CVE-2026-28558
>= 2.4.0 and < 2.4.16
wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows authenticated subscribers to upload SVG files
6.4 MEDIUM
CVE-2026-28557
>= 2.4.0 and < 2.4.16
wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo userg
6.5 MEDIUM
CVE-2026-28556
>= 2.4.0 and < 2.4.16
wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split
5.4 MEDIUM
CVE-2026-28555
>= 2.4.0 and < 2.4.16
wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any fo
4.3 MEDIUM
CVE-2026-28554
>= 2.4.0 and < 2.4.16
wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to approve or unapprove a
4.3 MEDIUM
CVE-2025-0764
< 2.4.2
The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' me
6.5 MEDIUM
CVE-2023-47869
< 2.2.6
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows C
4.3 MEDIUM
CVE-2024-43289
< 2.3.5
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in gVectors Team wpForo Forum. This issue affects wpForo F
7.5 HIGH
CVE-2024-43288
< 2.3.5
Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team wpForo Forum. This issue affects wpForo Forum: from
4.3 MEDIUM
CVE-2022-38055
< 2.1.0
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows C
4.3 MEDIUM
CVE-2024-3200
< 2.3.4
The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all ver
9.9 CRITICAL
CVE-2023-47868
< 2.2.4
Improper Privilege Management vulnerability in wpForo Forum allows Privilege Escalation. This issue affects wpForo Forum: fr
7.3 HIGH
CVE-2023-47870
<= 2.2.6
Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Requ
5.7 MEDIUM
CVE-2023-47872
<= 2.2.3
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team wpForo Forum a
6.5 MEDIUM
CVE-2023-2309
< 2.1.9
The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected
6.1 MEDIUM
CVE-2023-2249
<= 2.1.7
The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization i
8.8 HIGH
CVE-2022-40200
<= 2.0.9
Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.
9.9 CRITICAL
CVE-2022-40192
<= 2.0.9
Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.
7.1 HIGH
CVE-2022-40632
<= 2.0.5
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deleti
5.4 MEDIUM
CVE-2022-40206
<= 2.0.5
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subs
6.3 MEDIUM
CVE-2022-40205
<= 2.0.5
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subs
5.4 MEDIUM
CVE-2022-38144
<= 2.0.5
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 at WordPress.
8.8 HIGH
CVE-2021-24406
< 1.9.7
The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading
6.1 MEDIUM
CVE-2018-16613
< 1.5.2
An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum is able t
9.8 CRITICAL
CVE-2018-11709
< 1.4.12
wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated
6.1 MEDIUM
threatengine.sh