CVE-2022-40632 gVectors Team wpForo Forum plugin = 2.0.5 vulnerable to CSRF leading to topic deletion.

A malicious user with access to the admin settings of the site can perform CSRF attack to delete any topic in the site. WordPress 4.9.5 was released on June 5, adding CSRF protections, making it more difficult to perform CSRF attacks. However, if the site is running an older version of WordPress and the CSRF vulnerability is present, an attacker can exploit it to delete any topic on the site. It is recommended to update WordPress to the latest version to mitigate this threat. gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gVectors Team released gV

References: https://en.support.wordpress.com/csrf-protection/

https://blog.gVectorTeam.com/wp-admin-csrf-protection
https://www.wilsoncenter.org/publication/wikileaks-reveals-new-vulnerabilities
http://blog.gvectorteam.com/2018/06/update-wordpress-to-400005

Timeline

Published on: 11/08/2022 19:15:00 UTC
Last modified on: 11/09/2022 13:56:00 UTC

References

• https://wordpress.org/plugins/wpforo/
• https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-forum-plugin-2-0-5-cross-site-request-forgery-csrf-vulnerability-2?_s_id=cve
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40632