FKIE_CVE-2025-0764

Vulnerability from fkie_nvd - Published: 2025-02-28 07:15 - Updated: 2025-03-06 17:57
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of the 'Members' class in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with subscriber-level privileges or higher, to read arbitrary files on the server.
References
security@wordfence.comhttps://plugins.trac.wordpress.org/changeset/3245711/wpforoPatch
security@wordfence.comhttps://www.wordfence.com/threat-intel/vulnerabilities/id/8cd8ffcb-0a24-4e0a-a9f9-23501742715f?source=cveThird Party Advisory
Impacted products
Vendor Product Version
gvectors wpforo_forum *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "0A8C5320-0C88-4BF0-B458-9CB0EC6057AC",
              "versionEndExcluding": "2.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the \u0027update\u0027 method of the \u0027Members\u0027 class in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with subscriber-level privileges or higher, to read arbitrary files on the server."
    },
    {
      "lang": "es",
      "value": "El complemento wpForo Forum para WordPress es vulnerable a la lectura arbitraria de archivos debido a una validaci\u00f3n de entrada insuficiente en el m\u00e9todo \u0027update\u0027 de la clase \u0027Members\u0027 en todas las versiones hasta la 2.4.1 incluida. Esto hace posible que atacantes autenticados, con privilegios de nivel de suscriptor o superiores, lean archivos arbitrarios en el servidor."
    }
  ],
  "id": "CVE-2025-0764",
  "lastModified": "2025-03-06T17:57:14.677",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "security@wordfence.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-28T07:15:33.863",
  "references": [
    {
      "source": "security@wordfence.com",
      "tags": [
        "Patch"
      ],
      "url": "https://plugins.trac.wordpress.org/changeset/3245711/wpforo"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8cd8ffcb-0a24-4e0a-a9f9-23501742715f?source=cve"
    }
  ],
  "sourceIdentifier": "security@wordfence.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "security@wordfence.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.