Lucene search
K

4 matches found

Patchstack
Patchstack
added 2026/04/17 9:44 a.m.11 views

WordPress wpForo Forum plugin <= 2.4.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Forum Post Modification via 'guestposting' Parameter vulnerability discovered by Jared Reyes in WordPress Plugin wpForo Forum versions = 2.4.16...

6.5CVSS5.8AI score0.00331EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/17 2:25 a.m.2 views

CVE-2026-4666 wpForo Forum <= 2.4.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter

The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of extract$args, EXTROVERWRITE on user-controlled input in the edit method of classes/Posts.php in all versions up to, and including, 2.4.16. The postedit action handler in Actions.php passes...

6.5CVSS5.7AI score0.00331EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/04/17 2:25 a.m.34 views

CVE-2026-4666 wpForo Forum <= 2.4.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter

The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of extract$args, EXTROVERWRITE on user-controlled input in the edit method of classes/Posts.php in all versions up to, and including, 2.4.16. The postedit action handler in Actions.php passes...

6.5CVSS0.00331EPSS
Exploits0References8
CVE
CVE
added 2026/04/17 2:25 a.m.22 views

CVE-2026-4666

CVE-2026-4666 affects the WordPress plugin wpForo Forum ≤ 2.4.16. The vulnerability arises from using extract($args, EXTR_OVERWRITE) on user-controlled input in Posts::edit(), with the post_edit action passing $_REQUEST['post'] to that method. An attacker can inject post[guestposting]=1 to overri...

6.5CVSS5.8AI score0.00331EPSS
Exploits0References8
Rows per page
Query Builder