CVE-2026-42682
published 2026-06-01CVE-2026-42682: Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo…
PriorityP350critical9.1CVSS 3.1
AVNACLPRNUINSUCNIHAH
EPSS
0.29%
20.7th percentile
Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects wpForo Forum: from n/a through 3.0.6.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tomdever | wpforo_forum | n/a – 3.0.6 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels.
ghsa_unreviewed·2026-06-01
CVE-2026-42682 [CRITICAL] CWE-862 Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels.
Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects wpForo Forum: from n/a through 3.0.6.
VulDB
Tomdever wpForo Forum Plugin up to 3.0.6 on WordPress authorization
vuldb·2026-06-01·CVSS 9.1
CVE-2026-42682 [CRITICAL] Tomdever wpForo Forum Plugin up to 3.0.6 on WordPress authorization
A vulnerability identified as critical has been detected in Tomdever wpForo Forum Plugin up to 3.0.6 on WordPress. Affected is an unknown function. This manipulation causes missing authorization.
This vulnerability appears as CVE-2026-42682. The attack may be initiated remotely. There is no available exploit.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-01
Published