Wpforo forum
This hub aggregates every CVE we track for Wpforo forum. Use it to gauge the current risk picture and drill into individual advisories.
other
47
CVEs tracked
7
Critical
16
High
0
In CISA KEV
Severity distribution
MEDIUM24HIGH16CRITICAL7
Monthly trend
0
2
0
0
0
1
0
1
0
1
0
0
1
0
1
1
1
2
0
11
0
4
0
5
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Wpforo forum.
- CVE-2026-49767WordPress wpForo Forum plugin <= 3.1.0 - Broken Authentication vulnerability9.8
- CVE-2026-49769WordPress wpForo Forum plugin <= 3.1.0 - PHP Object Injection vulnerability9.8
- CVE-2026-40798WordPress wpForo Forum plugin <= 3.0.4 - SQL Injection vulnerability9.3
- CVE-2026-40767WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability7.5
- CVE-2026-42682WordPress wpForo Forum plugin <= 3.0.6 - Broken Access Control vulnerability9.1
- CVE-2026-6248wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Custom Profile Field File Path8.1
- CVE-2026-4666wpForo Forum <= 2.4.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter6.5
- CVE-2026-5809wpForo Forum <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion via 'data[body][fileurl]' Parameter7.1
- CVE-2026-3666wpForo Forum <= 2.4.16 - Authenticated (Subscriber+) Arbitrary File Deletion via Post Body8.8
- CVE-2026-28562wpForo Forum 2.4.14 SQL Injection via Topics ORDER BY Parameter8.2
- CVE-2026-28560wpForo Forum 2.4.14 Stored XSS via Unsafe JSON Encoding in Inline Script5.5
- CVE-2026-28561wpForo Forum 2.4.14 Stored XSS via Unescaped Forum Description in Templates5.5
- CVE-2026-28559wpForo Forum 2.4.14 Information Disclosure via Global RSS Feed5.3
- CVE-2026-28558wpForo Forum 2.4.14 Stored XSS via SVG Avatar File Upload6.4
- CVE-2026-28557wpForo Forum < 2.4.16 Privilege Escalation via Role Synchronization Handler6.5
Product normalization is registry-driven with AI assist and human review. How it works