Browse all 4 CVE security advisories affecting asgaros. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Asgaros is a WordPress discussion forum plugin primarily used for creating comment sections and community forums on websites. Historically, it has been vulnerable to multiple security issues including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities. These weaknesses often stem from insufficient input validation and improper access controls. The plugin has accumulated four CVEs to date, with some allowing unauthenticated attackers to execute arbitrary code or compromise user accounts. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities in a relatively small codebase suggests potential risks for unpatched implementations.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-12901 | Asgaros Forum <= 3.2.1 - Cross-Site Request Forgery to Subscription Settings Update | Asgaros Forum | CWE-352 | 4.3 | Medium | 2025-11-12 |
| CVE-2025-11452 | Asgaros Forum <= 3.1.0 - Unauthenticated SQL Injection | Asgaros Forum | CWE-89 | 7.5 | High | 2025-11-08 |
| CVE-2025-39514 | WordPress Asgaros Forum plugin <= 3.2.1 - Cross Site Scripting (XSS) vulnerability | Asgaros Forum | CWE-79 | 6.5 | Medium | 2025-04-16 |
| CVE-2025-32227 | WordPress Asgaros Forum plugin <= 3.0.0 - File Upload Numbers Bypass vulnerability | Asgaros Forum | CWE-290 | 4.3 | Medium | 2025-04-10 |

This page lists every published CVE security advisory associated with asgaros. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.