Unauthorized Access to Sensitive Information in wpForo Forum
CVE-2024-43289

7.5HIGH

Key Information:

Vendor: WordPress
Status: WPforo Forum
Vendor: CVE Published:; 26 August 2024

Summary

The wpForo Forum developed by gVectors Team contains a vulnerability that allows unauthorized actors to access sensitive information. This exposure is critical, particularly for users of wpForo Forum versions ranging from n/a to 2.3.4, as it can potentially lead to data breaches and misuse of personal data. Users are encouraged to update to the latest version when a fix is available and to implement appropriate security measures to mitigate risks associated with this vulnerability.

Affected Version(s)

wpForo Forum <= 2.3.4

References

https://patchstack.com/database/vulnerability/wpforo/word...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 26, 2024
Vulnerability Reserved
Aug 9, 2024

Credit

Ananda Dhakal (Patchstack)