wpForo Forum <= 1.4.11 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Version 1.4.11, and below, of the wpForo Forum WordPress Plugin were found to be vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability was due to the Plugin using the $_SERVER['REQUEST_URI'] PHP variable to create a URL string that was later output within HTML without any output encoding.
Proof of Concept
Click on the following link while using the Internet Explorer (IE) web browser, with the XSS filter disabled:
Alternatively, run the following cURL request and notice that the XSS payload is output within HTML, without any validation, or output encoding:
curl -s 'http://www.example.com/index.php/community/?"><script>alert(/XSS/)</script>' | grep "XSS"