
[Solved] wpForo Forum < 2.1.0 - Subscriber+ Arbitrary File Upload

5 Posts
2 Users
1 Reactions
1,448 Views
Posts: 3
Topic starter
(@kirua78)
Active Member
Joined: 2 years ago

Hi,

I'm using wpForo version 1.9.9.1 and the plugin is vulnerable, as described at: https://wpscan.com/vulnerability/d54d5500-e034-4a4b-ab06-af2e84b7554b

Because of some custom code, it is impossible to update the plugin at this time.

My question: is it possible to disable uploads for subscriber users? Or do anything that can fix the vuln?

Thanks for your help

4 Replies
Chris
Posts: 3627
(@chris)
Famed Member
Joined: 3 years ago

Hi @kirua78,

Navigate to Dashboard > wpForo > Settings > Spam Protection, and check the "Do not allow attaching files with following extensions" field.

Posts: 3
Topic starter
(@kirua78)
Active Member
Joined: 2 years ago

Hi Chris,

Thanks for your reply, but I don't have the Spam Protection setting. Do I need to install a specific addon?

1 Reply
Chris
(@chris)
Joined: 3 years ago

Famed Member
Posts: 3627

@kirua78,

You have spam protection in wpForo Settings, just look carefully and you will find it.

Or insert your domain in this path:

https://yourdomain/wp-admin/admin.php?page=wpforo-settings&wpf_tab=antispam

Posts: 3
Topic starter
(@kirua78)
Active Member
Joined: 2 years ago

Perfect, thanks for your help