Quote from Ole on May 2, 2025, 12:44 pm

Maybe you should update to 3.1.0?

Quote from tseuquest on May 2, 2025, 12:52 pm

Quote from Ole on May 2, 2025, 12:44 pm

Maybe you should update to 3.1.0?

Yes, i did.

Asgaros Forum

vulnerable versions: >= * <= 3.1.0

Quote from tseuquest on May 2, 2025, 12:59 pm

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32227

https://really-simple-ssl.com/component/asgaros-forum/

 

Quote from nnookk on May 15, 2025, 8:47 am

I have the same issue. Have u got solution?

Quote from FTP on May 19, 2025, 9:47 am

@tseuquest the question you asked in your 1st post was about the issue CVE-2025-32227 (cf. your screen shot).

And the answer of @olpo was correct. This issue is fixed in Asgaros 3.1.0…

Quote from Ole on May 2, 2025, 12:44 pm

Maybe you should update to 3.1.0?

https://patchstack.com/database/wordpress/plugin/asgaros-forum/vulnerability/wordpress-asgaros-forum-plugin-3-0-0-file-upload-numbers-bypass-vulnerability?_s_id=cve

Even on your last post, you still mention this URL “https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32227” and show a screenshot of it, but the answer to this issue is still the same…, this is fixed in Asgaros 3.1.0 !
Follow the patchstack link in the CVE form and you’ll see.

 

However, there’s a new issue since April 16th, still not fixed in Asgaros 3.1.0, the CVE-2025-39514…
https://www.cve.org/CVERecord?id=CVE-2025-39514

https://patchstack.com/database/wordpress/plugin/asgaros-forum/vulnerability/wordpress-asgaros-forum-3-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve

It would be nice to have an update 🙂