Vulnerabilities and security researches forwp-discussion-board wp-discussion-board

Jun 06, 2024

CVE, Research URL: CVE-2023-39161
Home page URL: Security reports for Discussion Board – WordPress Forum Plugin
Application: Discussion Board – WordPress Forum Plugin
Date: Jun 04, 2024
Research Description: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WP Discussion Board Discussion Board allows Content Spoofing, Cross-Site Scripting (XSS).This issue affects Discussion Board: from n/a through 2.4.8.
Affected versions: max 2.4.9.
Status: vulnerable

Nov 10, 2025

CVE, Research URL: CVE-2025-8483
Home page URL: Security reports for Discussion Board – WordPress Forum Plugin
Application: Discussion Board – WordPress Forum Plugin
Date: Oct 25, 2025
Research Description: The The Discussion Board – WordPress Forum Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.5.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.
Affected versions: max 2.5.6.
Status: vulnerable