Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Gvectors Subscribe
Total 47 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-19111 1 Gvectors 1 Wpforo 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases langid parameter.
CVE-2019-19110 1 Gvectors 1 Wpforo 2024-11-21 3.5 LOW 4.8 MEDIUM
The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter.
CVE-2019-19109 1 Gvectors 1 Wpforo 2024-11-21 6.8 MEDIUM 8.8 HIGH
The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF.
CVE-2018-16613 1 Gvectors 1 Wpforo Forum 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum is able to escalate privilege to the forum administrator without any form of user interaction.
CVE-2018-11709 1 Gvectors 1 Wpforo Forum 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.
CVE-2018-11515 1 Gvectors 1 Wpforo 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter.
CVE-2024-9488 1 Gvectors 1 Wpdiscuz 2024-11-06 N/A 9.8 CRITICAL
The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.