ThreatPress

WordPress Vulnerabilities Database

WordPress wpForo Forum plugin <= 1.4.11 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Product
wpForo Forum
Description
An unauthenticated reflected Cross-Site Scripting (XSS) vulnerability was found by Ryan (Dewhurst Security) in the WordPress wpForo Forum plugin (versions <= 1.4.11).
Solution
Update the WordPress wpForo Forum plugin to the latest available version (at least 1.4.12).
Classification
Type: XSS (Cross Site Scripting)
OWASP Top 10: A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name: CVE-2018-11709
Versions
Affected In: <= 1.4.11
Fixed In: 1.4.12
Disclosure date
2018-06-20
Credits
Ryan (Dewhurst Security)
Submitter
ThreatPress