Vulnerability Description
An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum user is able to escalate privilege to the forum administrator without any form of user interaction.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gvectors | Wpforo Forum | < 1.5.2 |
References
- https://github.com/9emin1/advisories (Third Party Advisory)
- https://github.com/9emin1/advisories/blob/master/wpForo-1-5-1.md (Third Party Advisory)
- https://wordpress.org/plugins/wpforo/#developers (Release Notes, Vendor Advisory)
FAQ
What is CVE-2018-16613?
CVE-2018-16613 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum user is able to escalate privilege to the forum administrator without any form of us...
How severe is CVE-2018-16613?
CVE-2018-16613 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-16613?
Check the references section above for vendor advisories and patch information. Affected products include: Gvectors Wpforo Forum.