AI Search

Classic Search

Search Phrase:

Search Type:

Advanced search options

Search in Forums:

Search in date period:

Sort Search Results by:

Filter by custom fields

Topic prefix

AI Assistant

Notifications

Clear all

[Closed] Incorrect vulnerability description: WordFence

Summarize Topic

General Discussions

Last Post by Chris 3 years ago

2 Posts

2 Users

0 Reactions

975 Views

RSS

Posts: 212

fawp

Topic starter

Translate ▼

Jun 21, 2023 7:52 pm

(@fawp)

Reputable Member

Joined: 7 years ago

[#49793]

This link refers:

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpforo/wpforo-forum-217-authenticated-subscriber-local-file-include-server-side-request-forgery-and-phar-deserialization-via-file-get-contents

WordFence states

The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of file_get_contents without appropriate verification of the data being supplied to the function.

saying "in versions up to" makes it seem like all versions since wpForo inception are affected by this particular vulnerability.

This is incorrect, because that particular function is not used in wpForo 1.9.x (for example).

In these cases, do you (wpForo support) ask to correct these security assessments, or do you not bother?

Topic Tags

security wordfence

1 Reply

Posts: 3610

Chris

Translate ▼

Jun 24, 2023 4:38 pm

(@chris)

Famed Member

Joined: 5 years ago

Hi @fawp,

Updating wpForo to 2.1.8 version will fix the problem.

In case you want to say thank you !)
We'd really appreciate and be thankful if you leave a good review on plugin page. This is the best way to say thank you to this project and support team.

RE: Updating to wpForo 3 from version 2

@robert excellent. I’ll be pushing ahead with my upgrad...

By marsm , 22 minutes ago
RE: User is New (under hard spam control) during first [X] posts not working on 3.0

Thank you @robert. I have done the needed...

By JasonToth , 4 hours ago
RE: No AI Assitent widget on forum

@singletrackmark , We know that the WordPress loopbac...

By Martin , 5 hours ago
RE: Subscriber/Registered Users cannot see forums

Hi @009webmaster, Please switch to the 2026 theme i...

By Robert , 7 hours ago
RE: cant see forum topics in list

i have had all cache off, plugings off and code snippet...

By m.h , 7 hours ago
RE: Hello wpForo Team, some bugs on my site.

Hi @helloman, Thank you very much for the detailed fe...

By Robert , 8 hours ago
RE: WpForo as a standalone app ?

Right, I thought about that too. Than later it might be...

By AgendaVolo , 10 hours ago
RE: wpForo forum page shows empty with Twenty Twenty-Four theme

@janak, You’re very welcome! I'm really glad to hear ...

By Robert , 11 hours ago

19 Forums
14.2 K Topics
71.1 K Posts
28 Online
6,043 Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed