asgaros CVE Vulnerabilities & Metrics

Focus on asgaros vulnerabilities and metrics.

Last updated: 14 Apr 2025, 22:25 UTC

About asgaros Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with asgaros. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total asgaros CVEs: 8
Earliest CVE date: 08 Nov 2021, 18:15 UTC
Latest CVE date: 15 Apr 2024, 08:15 UTC

Latest CVE reference: CVE-2024-32440

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -66.67%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -66.67%

CVSS Stats

Average CVSS: 2.83

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 5
4.0-6.9 2
7.0-8.9 1
9.0-10.0 0

Top 5 Highest CVSS asgaros CVEs

These are the five CVEs with the highest CVSS scores for asgaros, sorted by severity first, then by recency.

All CVEs for asgaros

CVE-2024-32440 asgaros vulnerability CVSS: 0 15 Apr 2024, 08:15 UTC

Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum. This issue affects Asgaros Forum: from n/a through 2.8.0.

CVE-2024-22284 asgaros vulnerability CVSS: 0 24 Jan 2024, 12:15 UTC

Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum. This issue affects Asgaros Forum: from n/a through 2.7.2.

CVE-2023-5604 asgaros vulnerability CVSS: 0 27 Nov 2023, 17:15 UTC

The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execution.

CVE-2022-41608 asgaros vulnerability CVSS: 0 22 May 2023, 10:15 UTC

Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum plugin <= 2.2.0 versions.

CVE-2022-0411 asgaros vulnerability CVSS: 6.5 28 Feb 2022, 09:15 UTC

The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated user), leading to a SQL injection.

CVE-2021-25045 asgaros vulnerability CVSS: 6.5 24 Jan 2022, 08:15 UTC

The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue.

CVE-2021-42365 asgaros vulnerability CVSS: 2.1 29 Nov 2021, 19:15 UTC

The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the ~/admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.13. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

CVE-2021-24827 asgaros vulnerability CVSS: 7.5 08 Nov 2021, 18:15 UTC

The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue.