cvebase

Gvectors Wpforo Forum vulnerabilities

29 known vulnerabilities affecting gvectors/wpforo_forum.

Total CVEs: 29
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 7, MEDIUM 19

Vulnerabilities

Page 2 of 2
CVE-2026-28555 | P4 | MEDIUM | CVSS 4.3 | ≥ 2.4.0, < 2.4.16 | 2026-02-28
CWE-862. wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforo_close_ajax handler. Attackers submit a valid nonce with an arbitrary topic ID to bypass the moderator permission requirement and disrupt forum discussions.
nvd
CVE-2023-47869 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.2.6 | 2024-12-09
CWE-80. Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Code Injection. This issue affects wpForo Forum: from n/a through 2.2.5.
nvd
CVE-2022-38055 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.1.0 | 2024-06-21
CWE-80. Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing. This issue affects wpForo Forum: from n/a through 2.0.9.
nvd
CVE-2023-47872 | P4 | MEDIUM | CVSS 5.4 | ≤ 2.2.3 | 2023-11-30
CWE-79. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team wpForo Forum allows Stored XSS. This issue affects wpForo Forum: from n/a through 2.2.3.
nvd
CVE-2026-28560 | P4 | MEDIUM | CVSS 4.8 | ≥ 2.4.0, < 2.4.16 | 2026-02-28
CWE-79. wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows script injection via forum URL data output into an inline script block using json_encode without the JSON_HEX_TAG flag. Attackers set a forum slug containing a closing script tag or unescaped single quote to break out of the JavaScript string context and execute arbi
nvd
CVE-2022-40632 | P4 | MEDIUM | CVSS 5.4 | ≤ 2.0.5 | 2022-11-08
CWE-352. Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion.
nvd
CVE-2026-28561 | P4 | MEDIUM | CVSS 4.8 | ≥ 2.4.0, < 2.4.16 | 2026-02-28
CWE-79. wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across multiple theme template files. On multisite installations or with a compromised admin account, attackers set a forum description containing HTML event han
nvd
CVE-2022-40205 | P4 | MEDIUM | CVSS 4.3 | ≤ 2.0.5 | 2022-11-08
CWE-639. Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved.
nvd
CVE-2022-40206 | P4 | MEDIUM | CVSS 4.3 | ≤ 2.0.5 | 2022-11-08
CWE-639. Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public.
nvd