What the vulnerability does
01 Description
Authorization Bypass Through User-Controlled Key vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through <= 2.4.6.
Explanation of Vulnerability in Simple Terms
02 Summary
wpForo Forum versions 2.4.6 and earlier contain a vulnerability that allows authenticated users to disrupt forum availability. An attacker with a low-privilege account can trigger a denial-of-service condition affecting the forum's operation. The vulnerability requires valid forum credentials to exploit and does not compromise data confidentiality or integrity.
What an attacker can do
03 Attacker Capabilities
Disrupt forum availability or performance by triggering a denial-of-service condition.
Potential impact on your site
04 Site Impact
Forum users may experience service interruptions or degraded performance if an authenticated attacker exploits this vulnerability.
Conditions required to exploit
05 Prerequisites
Attacker must have a valid forum user account with low-level privileges.
Key dates
06 Disclosure timeline
September 3, 2025: CVE published
May 12, 2026: Record updated