Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total17
Critical0
High9
Medium8
Reset
Showing 1-17 of 17 records
Threat Entry Updated 2026-04-13

CVE-2026-5809 - Wpforo Plugin

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topic_add() and topic_edit() action handlers accept arbitrary user-supplied data[*] arrays from $_REQUEST and store them as postmeta without restricting which fields may contain array values. Because 'body' is included in the allowed topic fields list, an attacker can supply data[body][fileurl] with an arbitrary file path (e.g., wp-config.php or an absolute server path). This poisoned fileurl is persisted to the plugin's custom postmeta…

PLUGIN Wpforo

CVE-2026-5809

HIGH CVSS 7.1 2026-04-11
Open Full Technical Breakdown
Threat Entry Updated 2026-03-05

CVE-2026-28562 - Wpforo Plugin

wpForo 2.4.14 contains an unauthenticated SQL injection vulnerability in Topics::get_topics() where the ORDER BY clause relies on ineffective esc_sql() sanitization on unquoted identifiers. Attackers exploit the wpfob parameter with CASE WHEN payloads to perform blind boolean extraction of credentials from the WordPress database.

PLUGIN Wpforo

CVE-2026-28562

HIGH CVSS 8.8 2026-02-28
Open Full Technical Breakdown
Threat Entry Updated 2026-03-02

CVE-2026-28561 - Wpforo Plugin

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across multiple theme template files. On multisite installations or with a compromised admin account, attackers set a forum description containing HTML event handlers that execute when any user views the forum listing.

PLUGIN Wpforo

CVE-2026-28561

MEDIUM CVSS 4.8 2026-02-28
Open Full Technical Breakdown
Threat Entry Updated 2026-03-02

CVE-2026-28560 - Wpforo Plugin

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows script injection via forum URL data output into an inline script block using json_encode without the JSON_HEX_TAG flag. Attackers set a forum slug containing a closing script tag or unescaped single quote to break out of the JavaScript string context and execute arbitrary script in all visitors' browsers.

PLUGIN Wpforo

CVE-2026-28560

MEDIUM CVSS 4.8 2026-02-28
Open Full Technical Breakdown
Threat Entry Updated 2026-03-04

CVE-2026-28557 - Wpforo Plugin

wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforo_synch_roles AJAX handler. Attackers access the usergroups admin page, accessible to any authenticated user, to obtain a nonce, then remap all wpForo usergroups to arbitrary WordPress roles.

PLUGIN Wpforo

CVE-2026-28557

HIGH CVSS 7.1 2026-02-28
Open Full Technical Breakdown
Threat Entry Updated 2026-03-02

CVE-2026-28559 - Wpforo Plugin

wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status WHERE clauses that are only applied when a specific forum ID is present in the query.

PLUGIN Wpforo

CVE-2026-28559

MEDIUM CVSS 6.9 2026-02-28
Open Full Technical Breakdown
Threat Entry Updated 2026-03-02

CVE-2026-28556 - Wpforo Plugin

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split any forum topic via the topic_move, topic_merge, and topic_split form action handlers. Attackers with a valid form nonce can reorganize arbitrary forum content without moderator permissions, including relocating topics to private forums.

PLUGIN Wpforo

CVE-2026-28556

MEDIUM CVSS 5.3 2026-02-28
Open Full Technical Breakdown
Threat Entry Updated 2026-03-02

CVE-2026-28555 - Wpforo Plugin

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforo_close_ajax handler. Attackers submit a valid nonce with an arbitrary topic ID to bypass the moderator permission requirement and disrupt forum discussions.

PLUGIN Wpforo

CVE-2026-28555

MEDIUM CVSS 5.3 2026-02-28
Open Full Technical Breakdown
Threat Entry Updated 2026-03-02

CVE-2026-28558 - Wpforo Plugin

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows authenticated subscribers to upload SVG files as profile avatars through the avatar upload functionality. Attackers upload a crafted SVG containing CSS injection or JavaScript event handlers that execute in the browsers of any user who views the attacker's profile page.

PLUGIN Wpforo

CVE-2026-28558

MEDIUM CVSS 5.1 2026-02-28
Open Full Technical Breakdown
Threat Entry Updated 2026-03-02

CVE-2026-28554 - Wpforo Plugin

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to approve or unapprove any forum post via the wpforo_approve_ajax AJAX handler. Attackers exploit the nonce-only check by submitting a valid nonce with an arbitrary post ID to bypass moderation controls entirely.

PLUGIN Wpforo

CVE-2026-28554

MEDIUM CVSS 5.3 2026-02-28
Open Full Technical Breakdown
Threat Entry Updated 2026-04-15

CVE-2026-1581 - Wpforo Plugin

The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpfob' parameter in all versions up to, and including, 2.4.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

PLUGIN Wpforo

CVE-2026-1581

HIGH CVSS 7.5 2026-02-19
Open Full Technical Breakdown
Threat Entry Updated 2026-04-15

CVE-2026-0910 - Wpforo Plugin

The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforo_display_array_data' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed…

PLUGIN Wpforo

CVE-2026-0910

HIGH CVSS 8.8 2026-02-11
Open Full Technical Breakdown
Threat Entry Updated 2025-12-15

CVE-2025-13126 - Wpforo Plugin

The wpForo Forum plugin for WordPress is vulnerable to generic SQL Injection via the `post_args` and `topic_args` parameters in all versions up to, and including, 2.4.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

PLUGIN Wpforo

CVE-2025-13126

HIGH CVSS 7.5 2025-12-14
Open Full Technical Breakdown
Threat Entry Updated 2025-10-27

CVE-2025-4203 - Wpforo Plugin

The wpForo Forum plugin for WordPress is vulnerable to error‐based or time-based SQL Injection via the get_members() function in all versions up to, and including, 2.4.8 due to missing integer validation on the 'offset' and 'row_count' parameters. The function blindly interpolates 'row_count' into a 'LIMIT offset,row_count' clause using esc_sql() rather than enforcing numeric values. MySQL 5.x’s grammar allows a 'PROCEDURE ANALYSE' clause immediately after a LIMIT clause. Unauthenticated attackers controlling 'row_count' can append a stored‐procedure call, enabling error‐based or time‐based blind SQL injection that can be used to extract sensitive…

PLUGIN Wpforo

CVE-2025-4203

HIGH CVSS 7.5 2025-10-25
Open Full Technical Breakdown
Threat Entry Updated 2025-07-10

CVE-2025-4406 - Wpforo Plugin

The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

PLUGIN Wpforo

CVE-2025-4406

MEDIUM CVSS 5.4 2025-07-10
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-2249 - Wpforo Plugin

The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of file_get_contents without appropriate verification of the data being supplied to the function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to retrieve the contents of files like wp-config.php hosted on the system, perform a deserialization attack and possibly achieve remote code execution, and make requests to internal services.

PLUGIN Wpforo

CVE-2023-2249

HIGH CVSS 8.8 2023-06-09
Open Full Technical Breakdown
Scroll to top