WordPress Plugin Vulnerabilities

wpForo Forum < 2.4.4 - Subscriber+ Privilege Escalation

Description

The plugin is vulnerable to Privilege Escalation, making it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges.

Affects Plugins

Plugin icon
wpforo
Fixed in 2.4.4

References

CVE
CVE-2025-31420
URL
https://patchstack.com/database/wordpress/plugin/wpforo/vulnerability/wordpress-wpforo-forum-plugin-2-4-2-privilege-escalation-vulnerability

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Revan Arifio
Verified
No
WPVDB ID
6c400c97-9ef1-4588-822e-3d5fd29a3aa0

Timeline

Publicly Published
2025-04-02 (about 11 months ago)
Added
2025-04-10 (about 10 months ago)
Last Updated
2025-04-10 (about 10 months ago)

Other

Published
Title
Published
2020-03-16
Title
LearnPress < 3.2.6.7 - Privilege Escalation
Published
2025-05-30
Title
Offsprout Page Builder 2.2.1 - 2.15.2 - Contributor+ Privilege Escalation
Published
2025-03-18
Title
Service Finder Bookings < 5.1 - Unauthenticated Privilege Escalation via Account Takeover
Published
2023-08-09
Title
WP Project Manager < 2.6.5 - Subscriber+ Privilege Escalation
Published
2025-12-10
Title
WP CarDealer < 1.2.17 - Unauthenticated Privilege Escalation