Vulnerabilities in Tomdever
21 results

CVE-2023-2249 | HIGH | wpForo Forum <= 2.1.7 - Authenticated (Subscriber+) Local File Include, Server-Side Request Forgery, and PHAR Deserialization via file_get_contents | EPSS 60.8%
CVE-2026-1581 | HIGH | wpForo Forum <= 2.4.14 - Unauthenticated Time-Based SQL Injection | EPSS 1.7%
CVE-2026-6248 | HIGH | wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Custom Profile Field File Path | EPSS 0.6%
CVE-2026-49767 | CRITICAL | WordPress wpForo Forum plugin <= 3.1.0 - Broken Authentication vulnerability | EPSS 0.5%
CVE-2026-0910 | HIGH | wpForo Forum <= 2.4.13 - Authenticated (Subscriber+) PHP Object Injection | EPSS 0.5%
CVE-2026-5809 | HIGH | wpForo Forum <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion via 'data[body][fileurl]' Parameter | EPSS 0.5%
CVE-2024-3200 | CRITICAL | wpForo Forum <= 2.3.3 - Authenticated (Contributor+) SQL Injection | EPSS 0.5%
CVE-2026-3666 | HIGH | wpForo Forum <= 2.4.16 - Authenticated (Subscriber+) Arbitrary File Deletion via Post Body | EPSS 0.4%
CVE-2026-49769 | CRITICAL | WordPress wpForo Forum plugin <= 3.1.0 - PHP Object Injection vulnerability | EPSS 0.4%
CVE-2025-0764 | MEDIUM | wpForo Forum <= 2.4.1 - Authenticated (Subscriber+) Arbitrary File Read in update | EPSS 0.3%
CVE-2025-4203 | HIGH | wpForo Forum <= 2.4.8 - Unauthenticated SQL Injection via get_members Function | EPSS 0.3%
CVE-2026-4666 | MEDIUM | wpForo Forum <= 2.4.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter | EPSS 0.3%
CVE-2025-13126 | HIGH | wpForo Forum <= 2.4.12 - Unauthenticated SQL Injection | EPSS 0.3%
CVE-2025-58597 | MEDIUM | WordPress wpForo Forum Plugin <= 2.4.6 - Insecure Direct Object References (IDOR) Vulnerability | EPSS 0.3%
CVE-2026-42682 | CRITICAL | WordPress wpForo Forum plugin <= 3.0.6 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2026-40767 | HIGH | WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2026-40798 | CRITICAL | WordPress wpForo Forum plugin <= 3.0.4 - SQL Injection vulnerability | EPSS 0.3%
CVE-2025-66070 | HIGH | WordPress wpForo Forum plugin <= 2.4.10 - Broken Access Control vulnerability | EPSS 0.2%
CVE-2025-31420 | HIGH | WordPress wpForo Forum plugin <= 2.4.2 - Privilege Escalation vulnerability | EPSS 0.2%
CVE-2025-11740 | MEDIUM | wpForo Forum <= 2.4.9 - Authenticated (Subscriber+) SQL Injection | EPSS 0.2%