CVE-2025-67474
- EPSS 0.03%
- Veröffentlicht 09.12.2025 14:13:57
- Zuletzt bearbeitet 10.12.2025 22:16:29
Missing Authorization vulnerability in Ultimate Member ForumWP forumwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ForumWP: from n/a through <= 2.1.4.
CVE-2024-54367
- EPSS 0.38%
- Veröffentlicht 16.12.2024 15:15:10
- Zuletzt bearbeitet 05.02.2025 14:28:44
Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.This issue affects ForumWP: from n/a through 2.1.0.
CVE-2024-10879
- EPSS 0.79%
- Veröffentlicht 06.12.2024 09:15:05
- Zuletzt bearbeitet 05.02.2025 14:48:55
The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This m...
CVE-2024-11204
- EPSS 0.79%
- Veröffentlicht 06.12.2024 09:15:05
- Zuletzt bearbeitet 05.02.2025 14:49:09
The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it ...
CVE-2024-8428
- EPSS 0.13%
- Veröffentlicht 06.09.2024 14:15:13
- Zuletzt bearbeitet 26.09.2024 21:58:45
The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submit_form_handler due to missing validation on the 'us...