wpForo < 1.5.2 – Privilege Escalation | CVE 2018-16613

Affects Plugins

wpforo

Fixed in 1.5.2

References

CVE

CVE-2018-16613

URL

https://github.com/9emin1/advisories/blob/master/wpForo-1-5-1.md

Classification

Type

PRIVESC

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-269

CVSS

9.8 (critical)

Miscellaneous

Verified

No

WPVDB ID

39602630-4bdd-4c95-831f-eff8a85a1f09

Timeline

Publicly Published

2018-09-06 (about 7 years ago)

Added

2019-08-23 (about 6 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2025-05-06

Title

Frontend Dashboard 1.0 - 2.2.6 - Unauthenticated Privilege Escalation via fed_wp_ajax_fed_login_form_post Function

Published

2025-07-28

Title

SureDash < 1.1.0 - Subscriber+ Privilege Escalation

Published

2025-01-17

Title

Adifier System < 3.1.8 - Unauthenticated Arbitrary Password Reset

Published

2025-08-19

Title

Simple Business Directory Pro < 15.6.9 - Unauthenticated Privilege Escalation

Published

2025-04-23

Title

Configurator Theme Core <= 1.4.7 - Authenticated (Subscriber+) Privilege Escalation