CVE-2022-40205: WordPress wpForo Forum plugin <= 2.0.5 - Insecure direct object references (IDOR) vulnerability - Patchstack
An insecure direct object reference (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved.
Verified
Fixed
CVSS 3.1 score
5.4 (Medium severity)
Monitoring
Not reported to be exploited
Vulnerable versions
<= 2.0.5
PSID
08dbfd18875b
Classification
Insecure Direct Object References (IDOR)
OWASP Top 10
A5: Broken Access Control
Required privilege
Requires subscriber or higher role user authentication.
Publicly disclosed
2022-09-26
Details
An insecure direct object reference (IDOR) vulnerability that allows subscriber+ users to mark any forum post as Solved/Unsolved was discovered by Dhakal Ananda (Patchstack Alliance) in the WordPress wpForo Forum plugin (versions <= 2.0.5).
Solution
Update the WordPress wpForo Forum plugin to the latest available version (at least 2.0.6).