Unknown Asgaros Forum vulnerabilities
4 known vulnerabilities affecting unknown/asgaros_forum.
Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2
Vulnerabilities
CVE-2023-5604 | CRITICAL | CVSS 9.8 | CWE-94 | fixed in 2.7.1 | 2023-11-27
The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execution.
Sources: cvelistv5, nvd
CVE-2022-0411 | HIGH | CVSS 8.8 | CWE-89 | ≥ 2.0.0, < 2.0.0 | 2022-02-28
The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated user), leading to a SQL injection.
Sources: cvelistv5, nvd
CVE-2021-25045 | HIGH | CVSS 7.2 | CWE-89 | ≥ 1.15.15, < 1.15.15 | 2022-01-24
The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue.
Sources: cvelistv5, nvd
CVE-2021-24827 | CRITICAL | CVSS 9.8 | PoC | CWE-89 | ≥ 1.15.13, < 1.15.13 | 2021-11-08
The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue.
Sources: cvelistv5, nvd