Insecure direct object references (IDOR) vulnerability that allows subscriber+ users to mark any forum post as Private/Public was discovered by Dhakal Ananda (Patchstack Alliance) in the WordPress wpForo Forum plugin (versions <= 2.0.5).
Update the WordPress wpForo Forum plugin to the latest available version (at least 2.0.6).
CPE | Name | Operator | Version |
---|---|---|---|
wpforo forum | le | 2.0.5 |