Gvectors CVEs and Security Vulnerabilities

Filtered by vendor Gvectors Subscriptions

Search

Switch to Advanced Search (Beta)

Total 70 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-47185	1 Gvectors	1 Wpdiscuz	2026-04-29	7.1 High
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team Comments — wpDiscuz plugin <= 7.6.11 versions.
CVE-2023-46309	1 Gvectors	1 Wpdiscuz	2026-04-29	5.3 Medium
Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through <= 7.6.10.
CVE-2023-45760	1 Gvectors	1 Wpdiscuz	2026-04-29	4.3 Medium
Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through <= 7.6.3.
CVE-2023-47869	1 Gvectors	1 Wpforo Forum	2026-04-28	4.3 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Code Injection.This issue affects wpForo Forum: from n/a through 2.2.5.
CVE-2023-51691	1 Gvectors	1 Wpdiscuz	2026-04-28	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team Comments – wpDiscuz allows Stored XSS.This issue affects Comments – wpDiscuz: from n/a through 7.6.12.
CVE-2023-49759	1 Gvectors	1 Woodiscuz - Woocommerce Comments	2026-04-28	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team WooDiscuz – WooCommerce Comments.This issue affects WooDiscuz – WooCommerce Comments: from n/a through 2.3.0.
CVE-2023-47872	1 Gvectors	1 Wpforo Forum	2026-04-28	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team wpForo Forum allows Stored XSS.This issue affects wpForo Forum: from n/a through 2.2.3.
CVE-2023-47868	1 Gvectors	1 Wpforo Forum	2026-04-28	7.3 High
Improper Privilege Management vulnerability in wpForo wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a through 2.2.3.
CVE-2023-47870	1 Gvectors	1 Wpforo Forum	2026-04-28	7.1 High
Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through 2.2.6.
CVE-2023-46310	1 Gvectors	1 Wpdiscuz	2026-04-28	5.3 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpDiscuz allows Code Injection.This issue affects wpDiscuz: from n/a through 7.6.10.
CVE-2023-46311	1 Gvectors	1 Wpdiscuz	2026-04-28	2.7 Low
Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz.This issue affects Comments – wpDiscuz: from n/a through 7.6.3.
CVE-2023-33216	1 Gvectors	1 Woodiscuz - Woocommerce Comments	2026-04-28	5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team WooDiscuz – WooCommerce Comments woodiscuz-woocommerce-comments allows Stored XSS.This issue affects WooDiscuz – WooCommerce Comments: from n/a through 2.2.9.
CVE-2022-38055	1 Gvectors	1 Wpforo Forum	2026-04-28	4.3 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing.This issue affects wpForo Forum: from n/a through 2.0.9.
CVE-2026-22199	2 Gvectors, Wordpress	2 Wpdiscuz, Wordpress	2026-04-23	7.5 High
Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication path traversal vulnerability in the upload.cgi endpoint that allows unauthenticated attackers to read arbitrary files on the device filesystem by supplying directory traversal sequences in the params parameter. Attackers can exploit this vulnerability to disclose sensitive files such as password hashes, which can be cracked offline to obtain root-level access and enable full system compromise.
CVE-2026-22192	2 Gvectors, Wordpress	2 Wpdiscuz, Wordpress	2026-04-22	9.9 Critical
Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to access privileged management functions by manipulating browser localStorage values. Attackers can modify client-side authentication state to bypass server-side access controls and gain unauthorized access to protected management functionality without valid credentials.
CVE-2026-22191	2 Gvectors, Wordpress	2 Wpdiscuz, Wordpress	2026-04-22	5.2 Medium
Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by exploiting improper rendering of untrusted input in AngularJS template contexts. Attackers can inject malicious expressions that are compiled and executed by the AngularJS 1.5.2 runtime to achieve arbitrary JavaScript execution in operator browser sessions, with network-adjacent attackers able to deliver payloads via MITM injection in plaintext HTTP deployments.
CVE-2026-28559	2 Gvectors, Wordpress	2 Wpforo Forum, Wordpress	2026-04-18	5.3 Medium
wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status WHERE clauses that are only applied when a specific forum ID is present in the query.
CVE-2026-28555	2 Gvectors, Wordpress	2 Wpforo Forum, Wordpress	2026-04-18	4.3 Medium
wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforo_close_ajax handler. Attackers submit a valid nonce with an arbitrary topic ID to bypass the moderator permission requirement and disrupt forum discussions.
CVE-2026-28556	2 Gvectors, Wordpress	2 Wpforo Forum, Wordpress	2026-04-18	5.4 Medium
wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split any forum topic via the topic_move, topic_merge, and topic_split form action handlers. Attackers with a valid form nonce can reorganize arbitrary forum content without moderator permissions, including relocating topics to private forums.
CVE-2026-28554	2 Gvectors, Wordpress	2 Wpforo Forum, Wordpress	2026-04-17	4.3 Medium
wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to approve or unapprove any forum post via the wpforo_approve_ajax AJAX handler. Attackers exploit the nonce-only check by submitting a valid nonce with an arbitrary post ID to bypass moderation controls entirely.

Page 1 of 4. next last »