wpForo Forum
Tomdever
Developer
2.4.13
Latest version
20,000
Installations
No date
Last updated
Vulnerability history
0 present
26 fixed
10 Mitigation rules
- Broken Access Control vulnerability<= 2.4.10Nov 18, 2025
- Authenticated (Susbscriber+) SQL Injection vulnerability<= 2.4.9Nov 3, 2025
- Unauthenticated SQL Injection via get_members Function vulnerability<= 2.4.8Oct 25, 2025
- Insecure Direct Object References (IDOR) Vulnerability<= 2.4.6Sep 3, 2025
- Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Avatar vulnerability<= 2.4.5Jul 9, 2025
- Privilege Escalation vulnerability<= 2.4.2Apr 2, 2025
- Authenticated (Subscriber+) Arbitrary File Read in update vulnerability<= 2.4.1Feb 27, 2025
- Unauthenticated Sensitive Data Exposure vulnerability<= 2.3.4Aug 16, 2024
- Insecure Direct Object References (IDOR) vulnerability<= 2.3.4Aug 16, 2024
- Authenticated (Contributor+) SQL Injection vulnerability<= 2.3.3Jun 3, 2024
- Cross Site Scripting (XSS) vulnerability<= 2.2.3Nov 20, 2023
- Cross Site Request Forgery (CSRF) on Sign-out vulnerability<= 2.2.8Nov 20, 2023
- Broken Access Control + CSRF vulnerability<= 2.2.5Nov 20, 2023
- Privilege Escalation vulnerability<= 2.2.3Nov 20, 2023
- Reflected Cross-Site Scripting vulnerability< 2.1.9Jul 6, 2023
- Authenticated (Subscriber+) Local File Include, Server-Side Request Forgery, and PHAR Deserialization via file_get_contents vulnerability<= 2.1.7Jun 22, 2023
- Auth. HTML Injection vulnerability<= 2.0.9Dec 7, 2022
- Cross-Site Request Forgery (CSRF) vulnerability<= 2.0.9Nov 17, 2022
- Arbitrary File Upload vulnerability<= 2.0.9Nov 9, 2022
- Cross-Site Request Forgery (CSRF) vulnerability<= 2.0.5Sep 26, 2022
- Insecure direct object references (IDOR) vulnerability<= 2.0.5Sep 26, 2022
- Insecure direct object references (IDOR) vulnerability<= 2.0.5Sep 26, 2022
- Cross-Site Request Forgery (CSRF) vulnerability<= 2.0.5Sep 8, 2022
- Open Redirect vulnerability<= 1.9.6Jun 14, 2021
- Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability<= 1.4.11Jun 20, 2018
- Unauthenticated SQL Injection (SQLi) vulnerability<= 1.4.9Jun 20, 2018