PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-40798 Tomdever CVE debrief

CVE-2026-40798 is a critical unauthenticated SQL injection vulnerability in the wpForo Forum plugin, versions <= 3.0.4. It has a CVSS score of 9.3 and was published on 2026-06-15. The vulnerability was reported by Patchstack and is listed in the official CVE record.

Vendor: Tomdever
Product: wpForo Forum
CVSS: CRITICAL 9.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-15
Original CVE updated: 2026-06-15
Advisory published: 2026-06-15
Advisory updated: 2026-06-15

Who should care

Administrators and users of WordPress sites using wpForo Forum plugin versions <= 3.0.4 should prioritize patching this vulnerability to prevent potential SQL injection attacks.

Technical summary

The vulnerability is caused by a lack of proper input sanitization in the wpForo Forum plugin, which allows an attacker to inject malicious SQL code.

Defensive priority

critical

Recommended defensive actions

  • Update wpForo Forum plugin to a version greater than 3.0.4.
  • Review and monitor your WordPress site for potential SQL injection attacks.
  • Consider implementing additional security measures such as web application firewalls and intrusion detection systems.

Evidence notes

The vulnerability was reported by Patchstack.

Official resources

CVE-2026-40798 was published on 2026-06-15T21:16:52.140Z and modified on 2026-06-15T21:24:32.790Z.