Filtered by vendor Gvectors
Subscriptions
Total
70 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-22204 | 2 Gvectors, Wordpress | 2 Wpdiscuz, Wordpress | 2026-03-23 | 3.7 Low |
| wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by injecting malicious data into the comment_author_email cookie. Attackers can craft a malicious cookie value that, when processed through urldecode() and passed to wp_mail() functions, enables header injection to alter email recipients or inject additional headers. | ||||
| CVE-2026-22210 | 2 Gvectors, Wordpress | 2 Wpdiscuz, Wordpress | 2026-03-23 | 4.4 Medium |
| wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped attachment URLs in HTML output by exploiting the WpdiscuzHelperUpload class. Attackers can craft malicious attachment records or filter hooks to inject arbitrary JavaScript into img and anchor tag attributes, executing code in the context of WordPress users viewing comments. | ||||
| CVE-2026-22215 | 2 Gvectors, Wordpress | 2 Wpdiscuz, Wordpress | 2026-03-23 | 4.3 Medium |
| wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage() function that allows attackers to trigger unauthorized actions without nonce validation. Attackers can craft malicious requests to enumerate follow relationships and manipulate user follow data by exploiting the missing CSRF protection in the follows page handler. | ||||
| CVE-2026-22216 | 2 Gvectors, Wordpress | 2 Wpdiscuz, Wordpress | 2026-03-23 | 6.5 Medium |
| wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post notifications by sending POST requests to the wpdAddSubscription handler in class.WpdiscuzHelperAjax.php. Attackers can exploit LIKE wildcard characters in the subscription query to match multiple email addresses and generate unwanted notification emails to victim accounts. | ||||
| CVE-2022-38144 | 1 Gvectors | 1 Wpforo Forum | 2025-04-23 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 at WordPress. | ||||
| CVE-2022-23984 | 1 Gvectors | 1 Wpdiscuz | 2025-02-20 | 3.7 Low |
| Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11). | ||||
| CVE-2022-43492 | 1 Gvectors | 1 Wpdiscuz | 2025-02-20 | 4.3 Medium |
| Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress. | ||||
| CVE-2022-40206 | 1 Gvectors | 1 Wpforo Forum | 2025-02-20 | 6.3 Medium |
| Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public. | ||||
| CVE-2022-40205 | 1 Gvectors | 1 Wpforo Forum | 2025-02-20 | 5.4 Medium |
| Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved. | ||||
| CVE-2022-40200 | 1 Gvectors | 1 Wpforo Forum | 2025-02-20 | 9.9 Critical |
| Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. | ||||
| CVE-2022-40632 | 1 Gvectors | 1 Wpforo Forum | 2025-02-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion. | ||||
| CVE-2022-40192 | 1 Gvectors | 1 Wpforo Forum | 2025-02-20 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. | ||||
| CVE-2024-43289 | 1 Gvectors | 1 Wpforo Forum | 2025-02-06 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in gVectors Team wpForo Forum.This issue affects wpForo Forum: from n/a through 2.3.4. | ||||
| CVE-2024-43288 | 1 Gvectors | 1 Wpforo Forum | 2025-02-06 | 4.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team wpForo Forum.This issue affects wpForo Forum: from n/a through 2.3.4. | ||||
| CVE-2024-35681 | 1 Gvectors | 1 Wpdiscuz | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in gVectors Team wpDiscuz allows Stored XSS.This issue affects wpDiscuz: from n/a through 7.6.18. | ||||
| CVE-2023-47775 | 1 Gvectors | 1 Wpdiscuz | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comments — wpDiscuz plugin <= 7.6.11 versions. | ||||
| CVE-2023-33213 | 1 Gvectors | 1 Wpview | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Display Custom Fields – wpView plugin <= 1.3.0 versions. | ||||
| CVE-2023-2309 | 1 Gvectors | 1 Wpforo Forum | 2024-11-21 | 6.1 Medium |
| The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting vulnerability. | ||||
| CVE-2021-24806 | 1 Gvectors | 1 Wpdiscuz | 2024-11-21 | 4.3 Medium |
| The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when adding, editing and deleting comments, which could allow attacker to make logged in users such as admin edit and delete arbitrary comment, or the user who made the comment to edit it via a CSRF attack. Attackers could also make logged in users post arbitrary comment. | ||||
| CVE-2021-24737 | 1 Gvectors | 1 Wpdiscuz | 2024-11-21 | 4.8 Medium |
| The Comments – wpDiscuz WordPress plugin through 7.3.0 does not properly sanitise or escape the Follow and Unfollow messages before outputting them in the page, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||