GCVE - cpe:2.3:a:ultimatemember:forumwp:*:*:*:*:free:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ultimatemember:forumwp:*:*:*:*:free:wordpress:*:*

part: a version: * update: *

Vendor	Ultimatemember (`4cb2e013-80b8-5c05-9175-afdf7485b99d`)
Product	Forumwp (`2be70ed0-08b2-5244-808d-0e69bf51cc1d`)
Edition	*
Language	*
Software edition	free
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-54367`	vulnerable	2026-06-03 14:57:41.309874	WordPress ForumWP plugin <= 2.1.0 - PHP Object Injection vulnerability CRITICAL (9.8) Deserialization of Untrusted Data vulnerability in Ultimate Member ForumWP forumwp allows Object Injection.This issue affects ForumWP: from n/a through <= 2.1.0. Published: 2024-12-16T14:31:33.825Z Updated: 2026-04-28T16:10:50.777Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/forumwp/vulnerability/wordpress-forumwp-plugin-2-1-0-php-object-injection-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-11204`	vulnerable	2026-06-03 14:54:13.657238	ForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting via url Parameter MEDIUM (6.1) The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Published: 2024-12-06T08:24:57.746Z Updated: 2026-04-08T17:23:58.121Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/cd11abe3-8307-492b-beef-242fb21a4206?source=cve https://plugins.trac.wordpress.org/browser/forumwp/tags/2.1.1/includes/admin/class-columns.php#L313 https://wordpress.org/plugins/forumwp/#developers https://plugins.trac.wordpress.org/changeset/3205107/forumwp/trunk/includes/admin/class-columns.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-10879`	vulnerable	2026-06-03 14:54:12.808847	ForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting MEDIUM (6.1) The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Published: 2024-12-06T08:24:49.569Z Updated: 2026-04-08T16:36:05.951Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/10b3256b-5271-44b8-ab4d-05156d4f674b?source=cve https://plugins.trac.wordpress.org/browser/forumwp/tags/2.1.0/includes/admin/class-emails-list-table.php#L156 https://plugins.trac.wordpress.org/browser/forumwp/tags/2.1.0/includes/admin/class-emails-list-table.php#L178 https://plugins.trac.wordpress.org/changeset/3205107/forumwp/trunk/includes/admin/class-emails-list-table.php	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.