cleantalk
Vulnerabilities and Security Researches

wpForo Forum, CVE-2025-0764

CVE, Research URL

CVE-2025-0764

Home page URL

Security reports for wpForo Forum

Application

wpForo Forum

Published on
Feb 28, 2025
Research Description
The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of the 'Members' class in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with subscriber-level privileges or higher, to read arbitrary files on the server.
Affected versions
Min -, max 2.4.2.
Status
vulnerable
Previous vulnerability researches
wpForo Forum (CVE-2019-19109) , Jun 06, 2024
wpForo Forum (CVE-2022-40205) , Jun 06, 2024
wpForo Forum (CVE-2021-24406) , Jun 06, 2024
wpForo Forum (CVE-2022-38144) , Jun 06, 2024
wpForo Forum (CVE-2019-19112) , Jun 06, 2024
New vulnerability
Team Circle Image Slider With Lightbox (CVE-2019-25223) , Apr 09, 2025
WPFront User Role Editor (CVE-2025-3064) , Apr 09, 2025
Simple WP Events (CVE-2025-2004) , Apr 09, 2025
Advanced Advertising System (CVE-2025-3433) , Apr 09, 2025
Melhor Envio (CVE-2024-13820) , Apr 09, 2025