cleantalk
Vulnerabilities and Security Researches

wpForo Forum, CVE-2022-40206

CVE, Research URL

CVE-2022-40206

Home page URL

Security reports for wpForo Forum

Application

wpForo Forum

Published on
Nov 09, 2022
Research Description
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public.
Affected versions
Min -, max 2.0.6.
Status
vulnerable
Previous vulnerability researches
wpForo Forum (CVE-2019-19109) , Jun 06, 2024
wpForo Forum (CVE-2022-40205) , Jun 06, 2024
wpForo Forum (CVE-2021-24406) , Jun 06, 2024
wpForo Forum (CVE-2022-38144) , Jun 06, 2024
wpForo Forum (CVE-2019-19112) , Jun 06, 2024
New vulnerability
WPFront User Role Editor (CVE-2025-3064) , Apr 09, 2025
Simple WP Events (CVE-2025-2004) , Apr 09, 2025
Advanced Advertising System (CVE-2025-3433) , Apr 09, 2025
Melhor Envio (CVE-2024-13820) , Apr 09, 2025
AAWP Obfuscator (CVE-2025-3432) , Apr 09, 2025