🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Asgaros Forum

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Asgaros Forum

Information

Software Type	Plugin
Software Slug	asgaros-forum (view on wordpress.org)
Software Status	Active
Software Author	asgaros
Software Website	asgaros.com
Software Downloads	824,674
Software Active Installs	10,000
Software Record Last Updated	May 3, 2024

8 Vulnerabilities

Asgaros Forum <= 2.8.0 - Cross-Site Request Forgery

4.3

CVE-2024-32440

Apr 12, 2024

Researcher: Ananda Dhakal

Asgaros Forum <= 2.7.2 - Unauthenticated PHP Object Injection in prepare_unread_status

9.8

CVE-2024-22284

Jan 16, 2024

Researcher: Le Ngoc Anh

Asgaros Forum <= 2.7.0 - Insufficient Authorization to Authenticated (Admin+) Arbitrary File Upload

6.6

CVE-2023-5604

Dec 6, 2023

Researcher: Rafael Aristodimou

Asgaros Forum <= 2.1.0 - Cross-Site Request Forgery

8.8

CVE-2022-41608

Nov 9, 2022

Researcher: Dhakal Ananda

Asgaros Forum < 2.0.0 - SQL Injection

8.8

CVE-2022-0411

Jan 31, 2022

Researcher: Krzysztof Zając

Asgaros Forum <= 1.15.14 - Admin+ SQL Injection via forum_id

7.2

CVE-2021-25045

Dec 21, 2021

Researcher: Trang LKB

Asgaros Forums <= 1.15.13 - Authenticated Stored Cross-Site Scripting

4.8

CVE-2021-42365

Nov 29, 2021

Researcher: Mohammed Aadhil Ashfaq

Asgaros Forum <= 1.15.12 - Unauthenticated SQL Injection

9.8

CVE-2021-24827

Oct 11, 2021

Researcher: ZhongFu Su

Title	CVE ID	CVSS	Researchers	Date
Asgaros Forum <= 2.8.0 - Cross-Site Request Forgery	CVE-2024-32440	4.3	Ananda Dhakal	April 12, 2024
Asgaros Forum <= 2.7.2 - Unauthenticated PHP Object Injection in prepare_unread_status	CVE-2024-22284	9.8	Le Ngoc Anh	January 16, 2024
Asgaros Forum <= 2.7.0 - Insufficient Authorization to Authenticated (Admin+) Arbitrary File Upload	CVE-2023-5604	6.6	Rafael Aristodimou	December 6, 2023
Asgaros Forum <= 2.1.0 - Cross-Site Request Forgery	CVE-2022-41608	8.8	Dhakal Ananda	November 9, 2022
Asgaros Forum < 2.0.0 - SQL Injection	CVE-2022-0411	8.8	Krzysztof Zając	January 31, 2022
Asgaros Forum <= 1.15.14 - Admin+ SQL Injection via forum_id	CVE-2021-25045	7.2	Trang LKB	December 21, 2021
Asgaros Forums <= 1.15.13 - Authenticated Stored Cross-Site Scripting	CVE-2021-42365	4.8	Mohammed Aadhil Ashfaq	November 29, 2021
Asgaros Forum <= 1.15.12 - Unauthenticated SQL Injection	CVE-2021-24827	9.8	ZhongFu Su	October 11, 2021

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation