Download wpForo 3.0

AI Search
Classic Search
 Search Phrase:
 Search Type:
Advanced search options
 Search in Forums:
 Search in date period:

 Sort Search Results by:

AI Assistant
Forums
wpForo Support Foru...
How-to and Troubles...
wpForo Forum < 2...
 
Notifications
Clear all

[Solved] wpForo Forum < 2.1.0 - Subscriber+ Arbitrary File Upload

    Summarize Topic
How-to and Troubleshooting - wpForo 2.0
Last Post by kirua78 3 years ago
5 Posts
2 Users
1 Reactions
2,176 Views
RSS
Posts: 3
 kirua78
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
Nov 21, 2022 3:12 pm
(@kirua78)
Active Member
Joined: 3 years ago
[#26900]

Hi,

I'am using wpforo in version 1.9.9.1 and the plugin is vulnerable as : https://wpscan.com/vulnerability/d54d5500-e034-4a4b-ab06-af2e84b7554b

Because of some custom code it is impossible to update the plugin for this time.

My question it is possible to disable the upload for subscriber user ? Or do anything that can fix the vuln ?

 

Thanks for your help


Topic Tags
wpforo vulnerability file upload subscriber
4 Replies
Chris
Posts: 3610
 Chris
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
Nov 21, 2022 6:39 pm
(@chris)
Famed Member
Joined: 5 years ago

Hi @kirua78,

Navigate to Dashboard > wpForo > Settings > Spam Protection, and check Do not allow attaching files with following extensions field


In case you want to say thank you !)
We'd really appreciate and be thankful if you leave a good review on plugin page. This is the best way to say thank you to this project and support team.

Posts: 3
 kirua78
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
Nov 21, 2022 7:46 pm
(@kirua78)
Active Member
Joined: 3 years ago

Hi Chris,

Thanks for your reply, but i dont have the setting spam protection, i need to install a specific addons ?


1 Reply
Chris
 Chris
(@chris)
Joined: 5 years ago

Famed Member
Posts: 3610
Nov 22, 2022 5:35 pm
Reply tokirua78
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian

@kirua78,

You have spam protection in wpForo Settings, just look carefully and you will find it.

Or insert your domain in this path:

https://yourdomain/wp-admin/admin.php?page=wpforo-settings&wpf_tab=antispam


In case you want to say thank you !)
We'd really appreciate and be thankful if you leave a good review on plugin page. This is the best way to say thank you to this project and support team.

kirua78 reacted
Posts: 3
 kirua78
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
Nov 22, 2022 8:41 pm
(@kirua78)
Active Member
Joined: 3 years ago

Perfect, thanks for your help


Forum Jump:
  Previous Topic
Next Topic  
Related Topics
Topic Tags:  wpforo (150) , vulnerability (9) , file upload (1) , subscriber (3) ,
Share: