What the vulnerability does
Description
Missing Authorization vulnerability in Ultimate Member ForumWP forumwp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ForumWP: from n/a through <= 2.1.4.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Explanation of Vulnerability in Simple Terms
ForumWP through version 2.1.4 fails to properly check user permissions before allowing certain actions. A logged-in user with low privileges can modify data they should not have access to. The vulnerability does not expose sensitive information or crash the site, but allows unauthorized changes to forum content or settings.
What an attacker can do
Modify forum data or settings without proper authorization.
Potential impact on your site
Forum content or settings may be altered by users who should not have that permission.
Conditions required to exploit
Attacker must have a low-privilege account on the site.