Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total7
Critical2
High3
Medium2
Reset
Showing 1-7 of 7 records
Threat Entry Updated 2025-11-12

CVE-2025-12901 - Asgaros Forum Plugin

The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing nonce validation on the set_subscription_level() function. This makes it possible for unauthenticated attackers to modify the subscription settings of authenticated users via a forged request granted they can trick a logged-in user into performing an action such as clicking on a link.

PLUGIN Asgaros Forum

CVE-2025-12901

MEDIUM CVSS 4.3 2025-11-12
Open Full Technical Breakdown
Threat Entry Updated 2025-11-12

CVE-2025-11452 - Asgaros Forum Plugin

The Asgaros Forum plugin for WordPress is vulnerable to SQL Injection via the '$_COOKIE['asgarosforum_unread_exclude']' cookie in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

PLUGIN Asgaros Forum

CVE-2025-11452

HIGH CVSS 7.5 2025-11-08
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-5604 - Asgaros Forum Plugin

The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execution.

PLUGIN Asgaros Forum

CVE-2023-5604

CRITICAL CVSS 9.8 2023-11-27
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2022-0411 - Asgaros Forum Plugin

The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated user), leading to a SQL injection

PLUGIN Asgaros Forum

CVE-2022-0411

HIGH CVSS 8.8 2022-02-28
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-25045 - Asgaros Forum Plugin

The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue

PLUGIN Asgaros Forum

CVE-2021-25045

HIGH CVSS 7.2 2022-01-24
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-42365 - Asgaros Forum Plugin

The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the ~/admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.13. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

PLUGIN Asgaros Forum

CVE-2021-42365

MEDIUM CVSS 4.8 2021-11-29
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-24827 - Asgaros Forum Plugin

The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue

PLUGIN Asgaros Forum

CVE-2021-24827

CRITICAL CVSS 9.8 2021-11-08
Open Full Technical Breakdown
Scroll to top