Notifications

Clear all

[Solved] wpForo Forum < 2.1.0 - Subscriber+ Arbitrary File Upload

How-to and Troubleshooting

Last Post by kirua78 2 years ago

5 Posts

2 Users

1 Reactions

1,436 Views

RSS

Posts: 3

kirua78

Topic starter

Nov 21, 2022 11:12 am

(@kirua78)

Active Member

Joined: 2 years ago

Hi,

I'am using wpforo in version 1.9.9.1 and the plugin is vulnerable as : https://wpscan.com/vulnerability/d54d5500-e034-4a4b-ab06-af2e84b7554b

Because of some custom code it is impossible to update the plugin for this time.

My question it is possible to disable the upload for subscriber user ? Or do anything that can fix the vuln ?

Thanks for your help

Topic Tags

file attachment file extensions

4 Replies

Posts: 3627

Chris

Nov 21, 2022 2:39 pm

(@chris)

Famed Member

Joined: 3 years ago

Hi @kirua78,

Navigate to Dashboard > wpForo > Settings > Spam Protection, and check Do not allow attaching files with following extensions field

In case you want to say thank you !)
We'd really appreciate and be thankful if you leave a good review on plugin page. This is the best way to say thank you to this project and support team.

Posts: 3

kirua78

Topic starter

Nov 21, 2022 3:46 pm

(@kirua78)

Active Member

Joined: 2 years ago

Hi Chris,

Thanks for your reply, but i dont have the setting spam protection, i need to install a specific addons ?

1 Reply

Chris

(@chris)

Joined: 3 years ago

Famed Member

Posts: 3627

Nov 22, 2022 1:35 pm

Reply to

kirua78

@kirua78,

You have spam protection in wpForo Settings, just look carefully and you will find it.

Or insert your domain in this path:

https://yourdomain/wp-admin/admin.php?page=wpforo-settings&wpf_tab=antispam

In case you want to say thank you !)
We'd really appreciate and be thankful if you leave a good review on plugin page. This is the best way to say thank you to this project and support team.