[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fm_0K07tIPtM--7Vld5kKmZz4Rg0MZk6R7OOLft-78cY":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2022-38055","wpforo-forum-authenticated-subscriber-html-injection","wpForo Forum \u003C= 2.0.9 - Authenticated (Subscriber+) HTML Injection","The wpForo Forum plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 2.0.9. This is due to insufficient escaping and sanitization of user supplied input. This makes it possible for authenticated attackers, with subscriber-level permissions and above to inject HTML content on pages.","wpforo",null,"\u003C=2.0.9","2.1.0","medium",5.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","2022-12-07 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F83cb1333-3c74-426d-9838-a5cb90be29b2?source=api-prod",412]