wpForo Forum
Tomdever
Developer
2.4.17
Latest version
20,000
Installations
No date
Last updated
Vulnerability history
0 present
29 patched
13 Mitigation rules
- Unauthenticated Time-Based SQL Injection vulnerability<= 2.4.1420/02/2026
- Authenticated (Subscriber+) PHP Object Injection vulnerability<= 2.4.1316/02/2026
- Unauthenticated SQL Injection vulnerability<= 2.4.1216/12/2025
- Broken Access Control vulnerability<= 2.4.1018/11/2025
- Authenticated (Susbscriber+) SQL Injection vulnerability<= 2.4.903/11/2025
- Unauthenticated SQL Injection via get_members Function vulnerability<= 2.4.825/10/2025
- Insecure Direct Object References (IDOR) Vulnerability<= 2.4.603/09/2025
- Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Avatar vulnerability<= 2.4.509/07/2025
- Privilege Escalation vulnerability<= 2.4.202/04/2025
- Authenticated (Subscriber+) Arbitrary File Read in update vulnerability<= 2.4.127/02/2025
- Unauthenticated Sensitive Data Exposure vulnerability<= 2.3.416/08/2024
- Insecure Direct Object References (IDOR) vulnerability<= 2.3.416/08/2024
- Authenticated (Contributor+) SQL Injection vulnerability<= 2.3.303/06/2024
- Cross Site Scripting (XSS) vulnerability<= 2.2.320/11/2023
- Cross Site Request Forgery (CSRF) on Sign-out vulnerability<= 2.2.820/11/2023
- Broken Access Control + CSRF vulnerability<= 2.2.520/11/2023
- Privilege Escalation vulnerability<= 2.2.320/11/2023
- Reflected Cross-Site Scripting vulnerability< 2.1.906/07/2023
- Authenticated (Subscriber+) Local File Include, Server-Side Request Forgery, and PHAR Deserialization via file_get_contents vulnerability<= 2.1.722/06/2023
- Auth. HTML Injection vulnerability<= 2.0.907/12/2022
- Cross-Site Request Forgery (CSRF) vulnerability<= 2.0.917/11/2022
- Arbitrary File Upload vulnerability<= 2.0.909/11/2022
- Cross-Site Request Forgery (CSRF) vulnerability<= 2.0.526/09/2022
- Insecure direct object references (IDOR) vulnerability<= 2.0.526/09/2022
- Insecure direct object references (IDOR) vulnerability<= 2.0.526/09/2022
- Cross-Site Request Forgery (CSRF) vulnerability<= 2.0.508/09/2022
- Open Redirect vulnerability<= 1.9.614/06/2021
- Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability<= 1.4.1120/06/2018
- Unauthenticated SQL Injection (SQLi) vulnerability<= 1.4.920/06/2018