WordPress Plugin Vulnerabilities

Asgaros Forum < 3.1.0 - Subscriber+ Authorization Bypass

Description

The plugin is vulnerable to authorization bypass. This makes it possible for authenticated attackers, with subscriber-level access and above, to bypass something related to file numbers, though it is not clear exactly what this means from the original CNAs report.

Affects Plugins

Plugin icon
asgaros-forum
Fixed in 3.1.0

References

CVE
CVE-2025-32227
URL
https://patchstack.com/database/wordpress/plugin/asgaros-forum/vulnerability/wordpress-asgaros-forum-plugin-3-0-0-file-upload-numbers-bypass-vulnerability

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
20kilograma
Verified
No
WPVDB ID
39edd8a0-ae80-4eaf-8c1f-7a8efb5bb993

Timeline

Publicly Published
2025-04-07 (about 1 year ago)
Added
2025-04-15 (about 1 year ago)
Last Updated
2025-04-22 (about 1 year ago)

Other

Published
Title
Published
2024-07-24
Title
PowerPack for Beaver Builder < 2.33.1 - Contributor+ Privilege Escalation
Published
2020-01-14
Title
InfiniteWP Client < 1.9.4.5 - Authentication Bypass
Published
2023-04-11
Title
Web Stories < 1.32 - Author+ Auth Bypass
Published
2024-06-12
Title
Download Manager < 3.2.90 - Improper Authorization via protectMediaLibrary
Published
2013-03-24
Title
Backupbuddy - importbuddy.php step Parameter Manipulation Authentication Bypass