Filtered by vendor Asgaros
Subscriptions
Total
12 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12901 | 2 Asgaros, Wordpress | 2 Asgaros Forum, Wordpress | 2025-11-14 | 4.3 Medium |
| The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing nonce validation on the set_subscription_level() function. This makes it possible for unauthenticated attackers to modify the subscription settings of authenticated users via a forged request granted they can trick a logged-in user into performing an action such as clicking on a link. | ||||
| CVE-2025-11452 | 2 Asgaros, Wordpress | 2 Asgaros Forum, Wordpress | 2025-11-12 | 7.5 High |
| The Asgaros Forum plugin for WordPress is vulnerable to SQL Injection via the '$_COOKIE['asgarosforum_unread_exclude']' cookie in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-32227 | 2 Asgaros, Wordpress | 2 Asgaros Forum, Wordpress | 2025-07-12 | 4.3 Medium |
| Authentication Bypass by Spoofing vulnerability in Asgaros Asgaros Forum allows Identity Spoofing. This issue affects Asgaros Forum: from n/a through 3.0.0. | ||||
| CVE-2025-39514 | 1 Asgaros | 1 Asgaros Forum | 2025-06-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asgaros Asgaros Forum allows Stored XSS. This issue affects Asgaros Forum: from n/a through 3.0.0. | ||||
| CVE-2024-22284 | 1 Asgaros | 1 Asgaros Forum | 2025-06-17 | 8.7 High |
| Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum.This issue affects Asgaros Forum: from n/a through 2.7.2. | ||||
| CVE-2023-5604 | 1 Asgaros | 1 Asgaros Forum | 2025-06-05 | 9.8 Critical |
| The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execution. | ||||
| CVE-2024-32440 | 1 Asgaros | 1 Asgaros Forum | 2025-04-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum.This issue affects Asgaros Forum: from n/a through 2.8.0. | ||||
| CVE-2021-42365 | 1 Asgaros | 1 Asgaros Forum | 2025-02-13 | 4.8 Medium |
| The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the ~/admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.13. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | ||||
| CVE-2022-41608 | 1 Asgaros | 1 Asgaros Forum | 2025-01-08 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum plugin <= 2.2.0 versions. | ||||
| CVE-2022-0411 | 1 Asgaros | 1 Asgaros Forum | 2024-11-21 | 8.8 High |
| The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated user), leading to a SQL injection | ||||
| CVE-2021-25045 | 1 Asgaros | 1 Asgaros Forum | 2024-11-21 | 7.2 High |
| The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue | ||||
| CVE-2021-24827 | 1 Asgaros | 1 Asgaros Forum | 2024-11-21 | 9.8 Critical |
| The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue | ||||
Page 1 of 1.