3 matches found
CVE-2026-22659 FlaskBB Authorization Bypass via Topic ID Manipulation
FlaskBB through 2.2.0, fixed in commit acc88cf, contains an authorization bypass vulnerability that allows authenticated moderators to perform unauthorized actions on topics in forums they do not control by submitting crafted topic ID lists. Attackers can include a low-ID topic from a permitted...
CVE-2026-41243 OpenLearn's pending forum posts remain publicly readable by direct ID when moderation mode is enabled
OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...
PT-2026-22475
Name of the Vulnerable Software and Affected Versions wpForo Forum version 2.4.14 Description The software contains a flaw due to missing authorization checks. An authenticated subscriber can approve or unapprove any forum post by exploiting the wpforo approve ajax AJAX handler. The check relies...