wpForo Forum < 2.1.0 – Arbitrary User Deletion via CSRF | CVE 2022-40192

Affects Plugins

wpforo

Fixed in 2.1.0

References

CVE

CVE-2022-40192

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

7.1 (high)

Miscellaneous

Original Researcher

dhakal_ananda

Verified

No

WPVDB ID

aef43a5c-522a-467e-a3f6-6c0461f41ba3

Timeline

Publicly Published

2022-11-17 (about 3 years ago)

Added

2022-11-18 (about 3 years ago)

Last Updated

2022-11-18 (about 3 years ago)

Other

Published

Title

Published

2024-03-25

Title

Simple Buttons Creator <= 1.04 - Aribtrary Button Deletion via CSRF

Published

2020-04-02

Title

Woocommerce Subscriptions < 3.0.3 - CSRF to Cancel/Re-Activate Subscription

Published

2025-01-24

Title

Job Board Manager < 2.1.60 - Cross-Site Request Forgery

Published

2025-01-31

Title

Forge – Front-End Page Builder <= 1.4.6 - Cross-Site Request Forgery to Stored Cross-site Scripting

Published

2023-05-16

Title

Contact Form by Supsystic < 1.7.25 - CSRF