xenforo

Top products

The 15 most recently published vulnerabilities affecting xenforo.

• CVE-2026-35057XenForo Stored Cross-Site Scripting via Structured Text Mentions6.4Apr 1, 2026
• CVE-2026-35056XenForo Remote Code Execution via Authenticated Admin7.2Apr 1, 2026
• CVE-2026-35055XenForo Cross-Site Scripting via Lightbox in Posts6.1Apr 1, 2026
• CVE-2026-35054XenForo Stored Cross-Site Scripting via BB Code Rendering6.4Apr 1, 2026
• CVE-2025-71282XenForo Path Disclosure via open_basedir Exceptions7.5Apr 1, 2026
• CVE-2025-71281XenForo Template Method Call Restriction Bypass8.8Apr 1, 2026
• CVE-2025-71280XenForo Local Account Page Caching Information Disclosure6.2Apr 1, 2026
• CVE-2025-71279XenForo Passkey Security Bypass9.8Apr 1, 2026
• CVE-2025-71278XenForo OAuth2 Unauthorized Scope Request8.8Apr 1, 2026
• CVE-2024-58342XenForo Open Redirect via getDynamicRedirect6.3Apr 1, 2026
• CVE-2023-53904Xenforo 2.2.13 Authenticated Stored Cross-Site Scripting via Smilie Categories4.6Dec 17, 2025
• CVE-2024-38458Xenforo before 2.2.16 allows code injection.8.8Jun 16, 2024
• CVE-2024-38457Xenforo before 2.2.16 allows CSRF.8.8Jun 16, 2024
• CVE-2024-25006XenForo before 2.2.14 allows Directory Traversal (with write access) by an authenticated user who has permissions to administer styles, and uses a ZIP archive for Styles Import.8.1Feb 2, 2024
• CVE-2021-43032In XenForo through 2.2.7, a threat actor with access to the admin panel can create a new Advertisement via the Advertising function, and save an XSS payload in the body of the HTML document. This p...4.8Nov 3, 2021