WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

wpForo Forum

2022-11-26
wpForo Forum < 2.0.6 - Subscriber+ Forum Post Set as Private/Public via IDOR
Fixed in version 2.0.6
2022-11-17
wpForo Forum < 2.1.0 - Arbitrary User Deletion via CSRF
Fixed in version 2.1.0
2022-11-09
wpForo Forum < 2.1.0 - Subscriber+ Arbitrary File Upload
Fixed in version 2.1.0
2022-09-26
wpForo Forum < 2.0.6 - Subscriber+ Forum Post Set as Solved/Unsolved via IDOR
Fixed in version 2.0.6
2022-09-26
wpForo Forum < 2.0.6 - Topic Deletion via CSRF
Fixed in version 2.0.6
2022-09-08
wpForo Forum < 2.0.6 - Cross-Site Request Forgery
Fixed in version 2.0.6
2021-06-14
wpForo Forum < 1.9.7 - Open Redirect
Fixed in version 1.9.7
2020-05-04
wpForo < 1.7.0 - New Users Set as Admin via CSRF
Fixed in version 1.7.0
2020-05-04
wpForo < 1.7.0 - Reflected Cross-Site Scripting (XSS) via s Parameter
Fixed in version 1.7.0
2020-05-04
wpForo < 1.7.0 - Reflected Cross-Site Scripting (XSS) via langid Parameter
Fixed in version 1.7.0
2020-05-04
wpForo < 1.7.0 - Reflected Cross-Site Scripting (XSS) via User Agent
Fixed in version 1.7.0
2018-09-06
wpForo < 1.5.2 - Privilege Escalation
Fixed in version 1.5.2
2018-06-01
wpForo Forum <= 1.4.11 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Fixed in version 1.4.12
2018-05-27
wpForo Forum <= 1.4.9 - Unauthenticated SQL Injection
Fixed in version 1.4.11