Vulnerabilities and security researches forasgaros-forum asgaros-forum
Direction: ascendingJun 07, 2024
Asgaros Forum # CVE-2021-24827
- CVE, Research URL
- Home page URL
- Application
- Date
- Nov 08, 2021
- Research Description
- The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Asgaros Forum # CVE-2023-5604
- CVE, Research URL
- Home page URL
- Application
- Date
- Nov 27, 2023
- Research Description
- The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execution.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Asgaros Forum # CVE-2021-42365
- CVE, Research URL
- Home page URL
- Application
- Date
- Nov 30, 2021
- Research Description
- The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the ~/admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.13. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Asgaros Forum # CVE-2022-41608
- CVE, Research URL
- Home page URL
- Application
- Date
- May 22, 2023
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum plugin <= 2.2.0 versions.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Asgaros Forum # CVE-2022-0411
- CVE, Research URL
- Home page URL
- Application
- Date
- Feb 28, 2022
- Research Description
- The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated user), leading to a SQL injection
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Asgaros Forum # CVE-2021-25045
- CVE, Research URL
- Home page URL
- Application
- Date
- Jan 24, 2022
- Research Description
- The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Asgaros Forum # CVE-2024-32440
- CVE, Research URL
- Home page URL
- Application
- Date
- Apr 15, 2024
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum.This issue affects Asgaros Forum: from n/a through 2.8.0.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Asgaros Forum # CVE-2024-22284
- CVE, Research URL
- Home page URL
- Application
- Date
- Jan 24, 2024
- Research Description
- Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum.This issue affects Asgaros Forum: from n/a through 2.7.2.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Apr 10, 2025
Asgaros Forum # CVE-2025-32227
- CVE, Research URL
- Home page URL
- Application
- Date
- -
- Research Description
- Asgaros Forum [asgaros-forum] <= 3.0.0 (unfixed) CVE-2025-32227
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Apr 18, 2025
Asgaros Forum # CVE-2025-39514
- CVE, Research URL
- Home page URL
- Application
- Date
- Apr 16, 2025
- Research Description
- Asgaros Forum [asgaros-forum] <= 3.0.0 (unfixed) CVE-2025-39514 [en] Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asgaros Asgaros Forum allows Stored XSS. This issue affects Asgaros Forum: from n/a through 3.0.0.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable