WordPress Plugin Vulnerabilities

wpForo Forum < 2.0.6 - Topic Deletion via CSRF

Description

The plugin does not have CSRF check when deletion topics, which could allow attackers to make logged in users with the appropriate privilege to perform such action via a CSRF attack

Affects Plugins

Plugin icon
wpforo
Fixed in 2.0.6

References

CVE
CVE-2022-40632

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Dhakal Ananda
Verified
No
WPVDB ID
a361c032-d8ee-4879-b0ae-a3b6f5ea4096

Timeline

Publicly Published
2022-09-26 (about 3 years ago)
Added
2022-11-08 (about 3 years ago)
Last Updated
2022-11-08 (about 3 years ago)

Other

Published
Title
Published
2024-12-14
Title
Posti Shipping < 3.10.4 - Cross-Site Request Forgery
Published
2025-03-11
Title
No Disposable Email <= 2.5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2024-07-23
Title
Social Auto Poster < 5.3.15 - Cross-Site Request Forgery via Multiple Functions
Published
2024-10-18
Title
APA Register Newsletter Form <= 1.0.0 - Cross-Site Request Forgery to SQL Injection
Published
2025-04-09
Title
Easyfonts < 1.1.3 - Cross-Site Request Forgery