RSS   Vulnerabilities for 'Wpforo forum'   RSS

2021-07-06
 
CVE-2021-24406

CWE-601
 

 
The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control and being a replica of the legitimate one, asking them to re-enter their credentials (which will then in the attacker hands)

 
2019-06-19
 
CVE-2018-16613

CWE-264
 

 
An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum is able to escalate privilege to the forum administrator without any form of user interaction.

 

 >>> Vendor: Gvectors 3 Products
Wpforo
Wpforo forum
Wpdiscuz


Copyright 2024, cxsecurity.com

 

Back to Top