
"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 23
Critical: 1
High: 10
Medium: 12
Showing 21-23 of 23 records
Threat Entry Updated 2024-11-21

CVE-2023-2249 - Wpforo Forum Plugin

The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of file_get_contents without appropriate verification of the data being supplied to the function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to retrieve the contents of files like wp-config.php hosted on the system, perform a deserialization attack and possibly achieve remote code execution, and make requests to internal services.

PLUGIN Wpforo Forum

CVE-2023-2249

HIGH CVSS 8.8 2023-06-09
Threat Entry Updated 2024-11-21

CVE-2021-24406 - Wpforo Forum Plugin

The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such an issue could allow an attacker to induce a user to use a login URL that redirects to a website under the attacker's control, a replica of the legitimate one that asks the user to re-enter their credentials (which will then be in the attacker's hands).

PLUGIN Wpforo Forum

CVE-2021-24406

MEDIUM CVSS 6.1 2021-07-06