Wordfence Reports that Asgaros vulnerability
Quote from tseuquest on May 2, 2025, 12:24 pmhttps://really-simple-ssl.com/vulnerability/d91076bd-64d9-452c-8737-098dda589f95/?mtm_campaign=notification&mtm_source=free&mtm_content=upgrade
Lleva un mes este aviso.
Gracias de antemano.
Lleva un mes este aviso.
Gracias de antemano.
Uploaded files:Quote from tseuquest on May 2, 2025, 12:52 pmQuote from Ole on May 2, 2025, 12:44 pmMaybe you should update to 3.1.0?
Yes, i did.
vulnerable versions: >= * <= 3.1.0
Quote from Ole on May 2, 2025, 12:44 pmMaybe you should update to 3.1.0?
Yes, i did.
Quote from tseuquest on May 2, 2025, 12:59 pmhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32227
https://really-simple-ssl.com/component/asgaros-forum/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32227
https://really-simple-ssl.com/component/asgaros-forum/
Uploaded files:
Quote from FTP on May 19, 2025, 9:47 am@tseuquest the question you asked in your 1st post was about the issue CVE-2025-32227 (cf. your screen shot).And the answer of @olpo was correct. This issue is fixed in Asgaros 3.1.0…Quote from Ole on May 2, 2025, 12:44 pmMaybe you should update to 3.1.0?
https://patchstack.com/database/wordpress/plugin/asgaros-forum/vulnerability/wordpress-asgaros-forum-plugin-3-0-0-file-upload-numbers-bypass-vulnerability?_s_id=cve
Even on your last post, you still mention this URL “https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32227” and show a screenshot of it, but the answer to this issue is still the same…, this is fixed in Asgaros 3.1.0 !
Follow the patchstack link in the CVE form and you’ll see.
However, there’s a new issue since April 16th, still not fixed in Asgaros 3.1.0, the CVE-2025-39514…
https://www.cve.org/CVERecord?id=CVE-2025-39514https://patchstack.com/database/wordpress/plugin/asgaros-forum/vulnerability/wordpress-asgaros-forum-3-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve
It would be nice to have an update 🙂
Quote from Ole on May 2, 2025, 12:44 pmMaybe you should update to 3.1.0?
Even on your last post, you still mention this URL “https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32227” and show a screenshot of it, but the answer to this issue is still the same…, this is fixed in Asgaros 3.1.0 !
Follow the patchstack link in the CVE form and you’ll see.
However, there’s a new issue since April 16th, still not fixed in Asgaros 3.1.0, the CVE-2025-39514…
https://www.cve.org/CVERecord?id=CVE-2025-39514
It would be nice to have an update 🙂