EPSS
Percentile
44.9%
The plugin did not have CSRF in place in a page, allowing attacker to make a logged in admin set all new users as admins directly
https://example.com/wp-admin/admin.php?page=wpforo-usergroups&default;=1
wpforo.com/community/wpforo-announcements/wpforo-1-7-0-is-released/