| CVE/PSC | Application | Date | Affected versions | Description |
|---|---|---|---|---|
| Actual on: Jul 16, 2025, 08:07:15 | Entries count: 10 | |||
|
vulnerable
|
Apr 10, 2025, 13:04:02 |
Min -
Max 3.1.0
|
Authentication Bypass by Spoofing vulnerability in Asgaros Asgaros Forum allows Identity Spoofing. This issue affects Asgaros Forum: from n/a through 3.0.0. | |
|
vulnerable
|
Jun 07, 2024, 07:06:34 |
Min -
Max 1.5.9
|
The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue | |
|
vulnerable
|
Jun 07, 2024, 07:06:34 |
Min -
Max 2.7.1
|
The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execution. | |
|
vulnerable
|
Jun 07, 2024, 07:06:34 |
Min -
Max 1.15.14
|
The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the ~/admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.13. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | |
|
vulnerable
|
Jun 07, 2024, 07:06:34 |
Min -
Max 2.2.0
|
Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum plugin <= 2.2.0 versions. | |
|
vulnerable
|
Jun 07, 2024, 07:06:34 |
Min -
Max 2.0.0
|
The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated user), leading to a SQL injection | |
|
vulnerable
|
Jun 07, 2024, 07:06:34 |
Min -
Max 1.15.15
|
The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue | |
|
vulnerable
|
Jun 07, 2024, 07:06:34 |
Min -
Max 2.9.0
|
Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum.This issue affects Asgaros Forum: from n/a through 2.8.0. | |
|
vulnerable
|
Jun 07, 2024, 07:06:34 |
Min -
Max 2.8.0
|
Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum.This issue affects Asgaros Forum: from n/a through 2.7.2. | |
|
vulnerable
|
Apr 18, 2025, 19:04:19 |
Min -
Max 3.1.0
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asgaros Asgaros Forum allows Stored XSS. This issue affects Asgaros Forum: from n/a through 3.0.0. | |