PatchSiren cyber security CVE debrief
CVE-2026-40767 Tomdever CVE debrief
CVE-2026-40767 is a HIGH severity vulnerability in the wpForo Forum plugin for WordPress. It has a CVSS score of 7.5 and was published on 2026-06-15T21:16:49.353Z. The flaw is a broken access control issue that can be reached without authentication, and it affects versions of the plugin before 3.0.2.
- Vendor: Tomdever
- Product: wpForo Forum
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Anyone running the wpForo Forum plugin for WordPress at a version earlier than 3.0.2 is affected and should act on this vulnerability.
Technical summary
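The vulnerability is classified as CWE-281 and has the CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. Read field by field, the vector says the flaw is reachable over the network with low attack complexity, needs no privileges and no user interaction, and has a high impact on confidentiality with no impact on integrity or availability.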
Defensive priority
HIGH
Recommended defensive actions
- Update to version 3.0.2 or later of the wpForo Forum plugin.
- Review access controls for the wpForo Forum plugin.
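To find installations that still need the update, the following added example (not code from PatchSiren, Patchstack or the plugin) walks a WordPress plugins directory, reads each plugin's header comment and flags any wpForo copy older than 3.0.2. Matching on a "Plugin Name" that contains "wpforo" is an assumption, and the directory and file names in the sample tree are constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (3, 0, 2)     # first fixed release named in the advisory
NAME_HINT = "wpforo"  # assumption: the plugin's "Plugin Name" header contains this

# WordPress takes "Plugin Name:" and "Version:" from a comment in the main PHP file.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)

def parse_version(text):
    """'3.0.10-beta' -> (3, 0, 10). Unparseable input -> (0, 0, 0), so it is flagged."""
    nums = []
    for part in text.split("."):
        digits = re.match(r"\d+", part)
        if not digits:
            break
        nums.append(int(digits.group()))
    nums = nums[:3]
    return tuple(nums + [0] * (3 - len(nums)))

def audit(plugins_dir):
    """Return [(plugin_dir, version, needs_update)] for every wpForo copy found."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        # WordPress itself only reads the first 8 KB of a file for header fields.
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        fields = {key.lower(): value for key, value in HEADER.findall(head)}
        if NAME_HINT not in fields.get("plugin name", "").lower():
            continue
        version = fields.get("version", "")
        findings.append((php.parent.name, version, parse_version(version) < FIXED))
    return findings

def demo():
    """Constructed tree: an outdated copy, a fixed copy and an unrelated plugin."""
    samples = {"site-a-forum": ("wpForo", "3.0.1"),
               "site-b-forum": ("wpForo", "3.0.10"),
               "other-plugin": ("Example Gallery", "1.2")}
    with tempfile.TemporaryDirectory() as root:
        for folder, (name, version) in samples.items():
            (Path(root) / folder).mkdir()
            (Path(root) / folder / "main.php").write_text(
                f"<?php\n/**\n * Plugin Name: {name}\n * Version: {version}\n */\n")
        return audit(root)

if __name__ == "__main__":
    for folder, version, needs_update in demo():
        print(f"{folder}: {version} -> {'UPDATE to 3.0.2+' if needs_update else 'ok'}")
```

Versions are compared numerically, so 3.0.10 is correctly treated as newer than 3.0.2; a copy with a missing or unreadable version is reported as needing the update.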
Evidence notes
Evidence for this CVE comes from Patchstack, listed as a reference in the NVD.
Official resources
- CVE-2026-40767 CVE record (CVE.org)
- CVE-2026-40767 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference
CVE-2026-40767 was published on 2026-06-15T21:16:49.353Z and modified on 2026-06-15T21:24:32.790Z.