CVE-2023-47870

MEDIUM

wpForo Forum < 2.2.6 - Cross-Site Request Forgery leading to Forced User Logout

Title source: llm

Description

Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through 2.2.6.

References (1)

Core 1

Core References

Third Party Advisory vdb-entry

https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-plugin-2-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

Scores

CVSS v3 5.7

EPSS 0.0027

EPSS Percentile 18.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-352 CWE-862

Status published

Products (2)

gvectors/wpforo_forum < 2.2.6

gVectors Team/wpForo Forum < 2.2.6

Published Nov 30, 2023

Tracked Since Feb 18, 2026