Search criteria
12 vulnerabilities found for forumwp by ultimatemember
FKIE_CVE-2024-54367
Vulnerability from fkie_nvd - Published: 2024-12-16 15:15 - Updated: 2025-02-05 14:28
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection. This issue affects ForumWP: from n/a through 2.1.0.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ultimatemember | forumwp | * |
| ultimatemember | forumwp | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ultimatemember:forumwp:*:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "59BC62F7-9CC1-4E4D-B3B9-38F29A19A9CF",
"versionEndExcluding": "2.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ultimatemember:forumwp:*:*:*:*:pro:wordpress:*:*",
"matchCriteriaId": "D7757A5C-A178-4682-BF13-B3BF20C337BD",
"versionEndExcluding": "2.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.This issue affects ForumWP: from n/a through 2.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en ForumWP ForumWP permite la inyecci\u00f3n de objetos. Este problema afecta a ForumWP: desde n/a hasta 2.1.0."
}
],
"id": "CVE-2024-54367",
"lastModified": "2025-02-05T14:28:44.787",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-12-16T15:15:10.027",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/wordpress/plugin/forumwp/vulnerability/wordpress-forumwp-plugin-2-1-0-php-object-injection-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "audit@patchstack.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-11204
Vulnerability from fkie_nvd - Published: 2024-12-06 09:15 - Updated: 2025-02-05 14:49
Severity ?
Summary
The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ultimatemember | forumwp | * |
| ultimatemember | forumwp | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ultimatemember:forumwp:*:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "5A27B3B7-8281-41DA-A88B-13AC679B7F36",
"versionEndExcluding": "2.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ultimatemember:forumwp:*:*:*:*:pro:wordpress:*:*",
"matchCriteriaId": "87F3D5D7-92A8-4674-84B4-FA2686B88CD5",
"versionEndExcluding": "2.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ForumWP \u2013 Forum \u0026 Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018url\u2019 parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento ForumWP \u2013 Forum \u0026amp; Discussion Board para WordPress es vulnerable a ataques de Cross-Site Scripting Reflejado a trav\u00e9s del par\u00e1metro \u0027url\u0027 en todas las versiones hasta la 2.1.2 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten scripts web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n, como hacer clic en un enlace."
}
],
"id": "CVE-2024-11204",
"lastModified": "2025-02-05T14:49:09.047",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "security@wordfence.com",
"type": "Secondary"
}
]
},
"published": "2024-12-06T09:15:05.667",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/forumwp/tags/2.1.1/includes/admin/class-columns.php#L313"
},
{
"source": "security@wordfence.com",
"tags": [
"Release Notes"
],
"url": "https://wordpress.org/plugins/forumwp/#developers"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd11abe3-8307-492b-beef-242fb21a4206?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@wordfence.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-10879
Vulnerability from fkie_nvd - Published: 2024-12-06 09:15 - Updated: 2025-02-05 14:48
Severity ?
Summary
The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ultimatemember | forumwp | * |
| ultimatemember | forumwp | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ultimatemember:forumwp:*:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "5A27B3B7-8281-41DA-A88B-13AC679B7F36",
"versionEndExcluding": "2.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ultimatemember:forumwp:*:*:*:*:pro:wordpress:*:*",
"matchCriteriaId": "87F3D5D7-92A8-4674-84B4-FA2686B88CD5",
"versionEndExcluding": "2.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ForumWP \u2013 Forum \u0026 Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg \u0026 remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento ForumWP \u2013 Forum \u0026amp; Discussion Board para WordPress es vulnerable a ataques de cross site scripting reflejado debido al uso de add_query_arg y remove_query_arg sin el escape adecuado en la URL en todas las versiones hasta la 2.1.2 incluida. Esto permite que atacantes no autenticados inyecten scripts web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"id": "CVE-2024-10879",
"lastModified": "2025-02-05T14:48:55.997",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "security@wordfence.com",
"type": "Secondary"
}
]
},
"published": "2024-12-06T09:15:05.507",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/forumwp/tags/2.1.0/includes/admin/class-emails-list-table.php#L156"
},
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/forumwp/tags/2.1.0/includes/admin/class-emails-list-table.php#L178"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10b3256b-5271-44b8-ab4d-05156d4f674b?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@wordfence.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-8428
Vulnerability from fkie_nvd - Published: 2024-09-06 14:15 - Updated: 2024-09-26 21:58
Severity ?
Summary
The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submit_form_handler due to missing validation on the 'user_id' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to change the email address of administrative user accounts which can then be leveraged to reset the administrative users password and gain access to their account.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ultimatemember | forumwp | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ultimatemember:forumwp:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "03E8D778-C0D9-43CD-AAFB-EDE9631494F0",
"versionEndIncluding": "2.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ForumWP \u2013 Forum \u0026 Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submit_form_handler due to missing validation on the \u0027user_id\u0027 user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to change the email address of administrative user accounts which can then be leveraged to reset the administrative users password and gain access to their account."
},
{
"lang": "es",
"value": "El complemento ForumWP \u2013 Forum \u0026amp; Discussion Board Plugin para WordPress es vulnerable a la escalada de privilegios a trav\u00e9s de una referencia directa a objetos insegura en todas las versiones hasta la 2.0.2 incluida a trav\u00e9s de submit_form_handler debido a la falta de validaci\u00f3n en la clave controlada por el usuario \u0027user_id\u0027. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, cambien la direcci\u00f3n de correo electr\u00f3nico de las cuentas de usuarios administrativos, lo que luego puede aprovecharse para restablecer la contrase\u00f1a de los usuarios administrativos y obtener acceso a su cuenta."
}
],
"id": "CVE-2024-8428",
"lastModified": "2024-09-26T21:58:45.393",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security@wordfence.com",
"type": "Secondary"
}
]
},
"published": "2024-09-06T14:15:13.823",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/forumwp/trunk/includes/frontend/class-actions-listener.php#L179"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b5818587-0a52-4734-8f75-263b4ab5020e?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "security@wordfence.com",
"type": "Secondary"
}
]
}
CVE-2024-54367 (GCVE-0-2024-54367)
Vulnerability from cvelistv5 – Published: 2024-12-16 14:31 – Updated: 2024-12-16 16:36
Title
WordPress ForumWP plugin <= 2.1.0 - PHP Object Injection vulnerability
Summary
Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection. This issue affects ForumWP: from n/a through 2.1.0.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Mika (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54367",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-16T15:57:06.558191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T16:36:34.901Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "forumwp",
"product": "ForumWP",
"vendor": "ForumWP",
"versions": [
{
"changes": [
{
"at": "2.1.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.1.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mika (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDeserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.\u003c/p\u003e\u003cp\u003eThis issue affects ForumWP: from n/a through 2.1.0.\u003c/p\u003e"
}
],
"value": "Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.This issue affects ForumWP: from n/a through 2.1.0."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T14:31:33.825Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/forumwp/vulnerability/wordpress-forumwp-plugin-2-1-0-php-object-injection-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress ForumWP plugin to the latest available version (at least 2.1.1)."
}
],
"value": "Update the WordPress ForumWP plugin to the latest available version (at least 2.1.1)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress ForumWP plugin \u003c= 2.1.0 - PHP Object Injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-54367",
"datePublished": "2024-12-16T14:31:33.825Z",
"dateReserved": "2024-12-02T12:05:34.988Z",
"dateUpdated": "2024-12-16T16:36:34.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11204 (GCVE-0-2024-11204)
Vulnerability from cvelistv5 – Published: 2024-12-06 08:24 – Updated: 2024-12-06 14:18
Title
ForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting via url Parameter
Summary
The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ultimatemember | ForumWP – Forum & Discussion Board | Affected: * , ≤ 2.1.2 (semver) |
Credits
Peter Thaleikis
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11204",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T14:08:22.120998Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T14:18:25.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ForumWP \u2013 Forum \u0026 Discussion Board",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.1.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Thaleikis"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ForumWP \u2013 Forum \u0026 Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018url\u2019 parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T08:24:57.746Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd11abe3-8307-492b-beef-242fb21a4206?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/forumwp/tags/2.1.1/includes/admin/class-columns.php#L313"
},
{
"url": "https://wordpress.org/plugins/forumwp/#developers"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-05T19:44:17.000+00:00",
"value": "Disclosed"
}
],
"title": "ForumWP \u2013 Forum \u0026 Discussion Board \u003c= 2.1.2 - Reflected Cross-Site Scripting via url Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-11204",
"datePublished": "2024-12-06T08:24:57.746Z",
"dateReserved": "2024-11-14T00:35:11.306Z",
"dateUpdated": "2024-12-06T14:18:25.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10879 (GCVE-0-2024-10879)
Vulnerability from cvelistv5 – Published: 2024-12-06 08:24 – Updated: 2024-12-06 14:18
Title
ForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting
Summary
The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ultimatemember | ForumWP – Forum & Discussion Board | Affected: * , ≤ 2.1.2 (semver) |
Credits
Peter Thaleikis
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10879",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T14:09:22.477381Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T14:18:27.072Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ForumWP \u2013 Forum \u0026 Discussion Board",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.1.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Thaleikis"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ForumWP \u2013 Forum \u0026 Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg \u0026 remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T08:24:49.569Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10b3256b-5271-44b8-ab4d-05156d4f674b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/forumwp/tags/2.1.0/includes/admin/class-emails-list-table.php#L156"
},
{
"url": "https://plugins.trac.wordpress.org/browser/forumwp/tags/2.1.0/includes/admin/class-emails-list-table.php#L178"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-05T19:50:45.000+00:00",
"value": "Disclosed"
}
],
"title": "ForumWP \u2013 Forum \u0026 Discussion Board \u003c= 2.1.2 - Reflected Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-10879",
"datePublished": "2024-12-06T08:24:49.569Z",
"dateReserved": "2024-11-05T16:36:36.081Z",
"dateUpdated": "2024-12-06T14:18:27.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8428 (GCVE-0-2024-8428)
Vulnerability from cvelistv5 – Published: 2024-09-06 13:55 – Updated: 2024-09-06 14:11
Title
ForumWP – Forum & Discussion Board Plugin <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover
Summary
The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submit_form_handler due to missing validation on the 'user_id' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to change the email address of administrative user accounts which can then be leveraged to reset the administrative users password and gain access to their account.
Severity ?
8.8 (High)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ultimatemember | ForumWP – Forum & Discussion Board Plugin | Affected: * , ≤ 2.0.2 (semver) |
Credits
wesley
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:forumwp:forumwp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "forumwp",
"vendor": "forumwp",
"versions": [
{
"lessThanOrEqual": "2.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8428",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T14:10:28.951912Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T14:11:40.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ForumWP \u2013 Forum \u0026 Discussion Board Plugin",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.0.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "wesley"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ForumWP \u2013 Forum \u0026 Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submit_form_handler due to missing validation on the \u0027user_id\u0027 user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to change the email address of administrative user accounts which can then be leveraged to reset the administrative users password and gain access to their account."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T13:55:18.650Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b5818587-0a52-4734-8f75-263b4ab5020e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/forumwp/trunk/includes/frontend/class-actions-listener.php#L179"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-06T01:21:28.000+00:00",
"value": "Disclosed"
}
],
"title": "ForumWP \u2013 Forum \u0026 Discussion Board Plugin \u003c= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-8428",
"datePublished": "2024-09-06T13:55:18.650Z",
"dateReserved": "2024-09-04T15:06:42.231Z",
"dateUpdated": "2024-09-06T14:11:40.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54367 (GCVE-0-2024-54367)
Vulnerability from nvd – Published: 2024-12-16 14:31 – Updated: 2024-12-16 16:36
Title
WordPress ForumWP plugin <= 2.1.0 - PHP Object Injection vulnerability
Summary
Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection. This issue affects ForumWP: from n/a through 2.1.0.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Mika (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54367",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-16T15:57:06.558191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T16:36:34.901Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "forumwp",
"product": "ForumWP",
"vendor": "ForumWP",
"versions": [
{
"changes": [
{
"at": "2.1.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.1.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mika (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDeserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.\u003c/p\u003e\u003cp\u003eThis issue affects ForumWP: from n/a through 2.1.0.\u003c/p\u003e"
}
],
"value": "Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.This issue affects ForumWP: from n/a through 2.1.0."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T14:31:33.825Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/forumwp/vulnerability/wordpress-forumwp-plugin-2-1-0-php-object-injection-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress ForumWP plugin to the latest available version (at least 2.1.1)."
}
],
"value": "Update the WordPress ForumWP plugin to the latest available version (at least 2.1.1)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress ForumWP plugin \u003c= 2.1.0 - PHP Object Injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-54367",
"datePublished": "2024-12-16T14:31:33.825Z",
"dateReserved": "2024-12-02T12:05:34.988Z",
"dateUpdated": "2024-12-16T16:36:34.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11204 (GCVE-0-2024-11204)
Vulnerability from nvd – Published: 2024-12-06 08:24 – Updated: 2024-12-06 14:18
Title
ForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting via url Parameter
Summary
The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ultimatemember | ForumWP – Forum & Discussion Board | Affected: *, ≤ 2.1.2 (semver) |
Credits
Peter Thaleikis
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11204",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T14:08:22.120998Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T14:18:25.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ForumWP \u2013 Forum \u0026 Discussion Board",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.1.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Thaleikis"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ForumWP \u2013 Forum \u0026 Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018url\u2019 parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T08:24:57.746Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd11abe3-8307-492b-beef-242fb21a4206?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/forumwp/tags/2.1.1/includes/admin/class-columns.php#L313"
},
{
"url": "https://wordpress.org/plugins/forumwp/#developers"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-05T19:44:17.000+00:00",
"value": "Disclosed"
}
],
"title": "ForumWP \u2013 Forum \u0026 Discussion Board \u003c= 2.1.2 - Reflected Cross-Site Scripting via url Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-11204",
"datePublished": "2024-12-06T08:24:57.746Z",
"dateReserved": "2024-11-14T00:35:11.306Z",
"dateUpdated": "2024-12-06T14:18:25.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10879 (GCVE-0-2024-10879)
Vulnerability from nvd – Published: 2024-12-06 08:24 – Updated: 2024-12-06 14:18
Title
ForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting
Summary
The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ultimatemember | ForumWP – Forum & Discussion Board | Affected: *, ≤ 2.1.2 (semver) |
Credits
Peter Thaleikis
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10879",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T14:09:22.477381Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T14:18:27.072Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ForumWP \u2013 Forum \u0026 Discussion Board",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.1.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Thaleikis"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ForumWP \u2013 Forum \u0026 Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg \u0026 remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T08:24:49.569Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10b3256b-5271-44b8-ab4d-05156d4f674b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/forumwp/tags/2.1.0/includes/admin/class-emails-list-table.php#L156"
},
{
"url": "https://plugins.trac.wordpress.org/browser/forumwp/tags/2.1.0/includes/admin/class-emails-list-table.php#L178"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-05T19:50:45.000+00:00",
"value": "Disclosed"
}
],
"title": "ForumWP \u2013 Forum \u0026 Discussion Board \u003c= 2.1.2 - Reflected Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-10879",
"datePublished": "2024-12-06T08:24:49.569Z",
"dateReserved": "2024-11-05T16:36:36.081Z",
"dateUpdated": "2024-12-06T14:18:27.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8428 (GCVE-0-2024-8428)
Vulnerability from nvd – Published: 2024-09-06 13:55 – Updated: 2024-09-06 14:11
Title
ForumWP – Forum & Discussion Board Plugin <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover
Summary
The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submit_form_handler due to missing validation on the 'user_id' user-controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to change the email address of administrative user accounts, which can then be leveraged to reset the administrative user's password and gain access to their account.
Severity ?
8.8 (High)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ultimatemember | ForumWP – Forum & Discussion Board Plugin | Affected: *, ≤ 2.0.2 (semver) |
Credits
wesley
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:forumwp:forumwp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "forumwp",
"vendor": "forumwp",
"versions": [
{
"lessThanOrEqual": "2.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8428",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T14:10:28.951912Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T14:11:40.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ForumWP \u2013 Forum \u0026 Discussion Board Plugin",
"vendor": "ultimatemember",
"versions": [
{
"lessThanOrEqual": "2.0.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "wesley"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ForumWP \u2013 Forum \u0026 Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submit_form_handler due to missing validation on the \u0027user_id\u0027 user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to change the email address of administrative user accounts which can then be leveraged to reset the administrative users password and gain access to their account."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T13:55:18.650Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b5818587-0a52-4734-8f75-263b4ab5020e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/forumwp/trunk/includes/frontend/class-actions-listener.php#L179"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-06T01:21:28.000+00:00",
"value": "Disclosed"
}
],
"title": "ForumWP \u2013 Forum \u0026 Discussion Board Plugin \u003c= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-8428",
"datePublished": "2024-09-06T13:55:18.650Z",
"dateReserved": "2024-09-04T15:06:42.231Z",
"dateUpdated": "2024-09-06T14:11:40.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}