tomdever — Vulnerabilities & Security Advisories 16

Browse all 16 CVE security advisories affecting tomdever. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Tomdever specializes in web application security research, identifying vulnerabilities across various platforms. Their work primarily focuses on remote code execution, cross-site scripting, and privilege escalation flaws, with 16 CVEs documented to date. The researcher demonstrates particular expertise in identifying authentication bypasses and insecure direct object references. While no major public security incidents are directly attributed to this researcher, their contributions to vulnerability disclosure have consistently highlighted critical weaknesses in widely-used systems. Their findings often involve complex exploitation chains that combine multiple vulnerability classes, indicating a deep understanding of application security architectures and attack surfaces.

Top products by tomdever: wpForo Forum
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-6248 | wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Custom Profile Field File Path | wpForo Forum | CWE-22 | 8.1 | High | 2026-04-20 |
| CVE-2026-4666 | wpForo Forum <= 2.4.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter | wpForo Forum | CWE-862 | 6.5 | Medium | 2026-04-17 |
| CVE-2026-5809 | wpForo Forum <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion via 'data[body][fileurl]' Parameter | wpForo Forum | CWE-73 | 7.1 | High | 2026-04-11 |
| CVE-2026-3666 | wpForo Forum <= 2.4.16 - Authenticated (Subscriber+) Arbitrary File Deletion via Post Body | wpForo Forum | CWE-22 | 8.8 | High | 2026-04-04 |
| CVE-2026-1581 | wpForo Forum <= 2.4.14 - Unauthenticated Time-Based SQL Injection | wpForo Forum | CWE-89 | 7.5 | High | 2026-02-19 |
| CVE-2026-0910 | wpForo Forum <= 2.4.13 - Authenticated (Subscriber+) PHP Object Injection | wpForo Forum | CWE-502 | 8.8 | High | 2026-02-11 |
| CVE-2025-66070 | WordPress wpForo Forum plugin <= 2.4.10 - Broken Access Control vulnerability | wpForo Forum | CWE-862 | 7.5 | High | 2025-12-18 |
| CVE-2025-13126 | wpForo Forum <= 2.4.12 - Unauthenticated SQL Injection | wpForo Forum | CWE-89 | 7.5 | High | 2025-12-14 |
| CVE-2025-11740 | wpForo Forum <= 2.4.9 - Authenticated (Subscriber+) SQL Injection | wpForo Forum | CWE-89 | 6.5 | Medium | 2025-11-01 |
| CVE-2025-4203 | wpForo Forum <= 2.4.8 - Unauthenticated SQL Injection via get_members Function | wpForo Forum | CWE-89 | 7.5 | High | 2025-10-25 |
| CVE-2025-58597 | WordPress wpForo Forum Plugin <= 2.4.6 - Insecure Direct Object References (IDOR) Vulnerability | wpForo Forum | CWE-639 | 4.3 | Medium | 2025-09-03 |
| CVE-2025-4406 | wpForo Forum <= 2.4.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Avatar | wpForo Forum | CWE-79 | 5.4 | Medium | 2025-07-10 |
| CVE-2025-31420 | WordPress wpForo Forum plugin <= 2.4.2 - Privilege Escalation vulnerability | wpForo Forum | CWE-266 | 7.6 | High | 2025-04-04 |
| CVE-2025-0764 | wpForo Forum <= 2.4.1 - Authenticated (Subscriber+) Arbitrary File Read in update | wpForo Forum | CWE-20 | 6.5 | Medium | 2025-02-28 |
| CVE-2024-3200 | wpForo Forum <= 2.3.3 - Authenticated (Contributor+) SQL Injection | wpForo Forum | CWE-89 | 9.9 | Critical | 2024-06-01 |
| CVE-2023-2249 | wpForo Forum <= 2.1.7 - Authenticated (Subscriber+) Local File Include, Server-Side Request Forgery, and PHAR Deserialization via file_get_contents | wpForo Forum | CWE-98 | 8.8 | High | 2023-06-09 |

This page lists every published CVE security advisory associated with tomdever. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.