CVE-2025-4224: Stored Cross-Site Scripting Vulnerability in wpForo Advanced Attachments Plugin
CVE-2025-4224 is a recently disclosed vulnerability affecting the wpForo + wpForo Advanced Attachments plugin for WordPress. Versions ≤ 3.1.3 are susceptible to a Stored Cross-Site Scripting (XSS) vulnerability, allowing authenticated users with Custom-level access or higher to inject malicious scripts via media upload names. In this post, we’ll walk through what the vulnerability means, who’s […]