Wpforo Forum
Approved changes feed: RSS · Atom
cpe:2.3:a:gvectors:wpforo_forum:2.4.15:*:*:*:*:*:*:*
part: a version: 2.4.15 update: *
| Vendor | Gvectors (fd5aa5f3-051e-5ac8-8b58-45b407504537) |
|---|---|
| Product | Wpforo Forum (a78400eb-eb61-50e8-9eae-3b78324fef98) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-28562 |
not_vulnerable | 2026-06-08 07:55:15.480324 |
wpForo Forum 2.4.14 SQL Injection via Topics ORDER BY Parameter
HIGH (8.2)
wpForo 2.4.14 contains an unauthenticated SQL injection vulnerability in Topics::get_topics() where the ORDER BY clause relies on ineffective esc_sql() sanitization on unquoted identifiers. Attackers exploit the wpfob parameter with CASE WHEN payloads to perform blind boolean extraction of credentials from the WordPress database.
Published: 2026-02-28T21:47:41.769Z
Updated: 2026-05-11T23:11:41.916Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.