WordPress Plugin wpForo Forum Multiple Vulnerabilities - CVE-2023-2249

WordPress Plugin wpForo Forum is prone to multiple vulnerabilities including local file inclusion server-side request forgery and PHAR deserialization vulnerabilities. Exploiting these issues may allow an attacker to obtain sensitive information to make the vulnerable server perform port scanning of hosts in internal or external networks or to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. WordPress Plugin wpForo Forum version 2.1.7 is vulnerable prior versions may also be affected.