Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Remote, unauthenticated, single-request administrator creation with no user interaction yields AV:N/AC:L/PR:N/UI:N and full C/I/A impact; the public-form prerequisite is a config precondition, not attack complexity.
Primary rating from Vendor (Wordfence).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
The Bricksforge plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.1.8.6. This is due to improper validation of the fieldIds parameter in the Pro Forms registration action, which allows attacker-supplied field IDs to be added to the trusted form-field whitelist. This makes it possible for unauthenticated attackers to register a new administrator account by submitting a crafted request to a publicly accessible Bricksforge Pro Forms registration form. Successful exploitation requires that the site has a public Bricksforge Pro Forms element configured with the User Registration action.
Articles & Coverage 1
AnalysisAI
Unauthenticated privilege escalation in the Bricksforge WordPress plugin (versions ≤ 3.1.8.6) lets remote attackers create a new administrator account by abusing the Pro Forms User Registration action. The plugin fails to validate the fieldIds parameter, so attacker-supplied field IDs are injected into the trusted form-field whitelist, enabling mass-assignment of a privileged role. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the target site has a publicly accessible Bricksforge Pro Forms element configured with the User Registration action - this specific feature/configuration is the mandatory precondition and sites without such a form are not exploitable despite running a vulnerable version. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | This is a genuine high priority, not an inflated CVSS. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker locates a WordPress site running Bricksforge with a public Pro Forms registration form, then submits a crafted registration request that adds a role/capabilities field ID to the fieldIds parameter and sets its value to administrator. The server accepts the manipulated whitelist and provisions a new administrator account, giving the unauthenticated attacker full control of the site. … |
| Remediation | Upgrade Bricksforge to a fixed release above 3.1.8.6 as published in the vendor changelog (https://bricksforge.io/version-changelog/); the input does not specify an exact patched version number, so treat this as 'Patch available per vendor advisory' and confirm the fixed build against the changelog before deploying. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all WordPress installations running Bricksforge version 3.1.8.6 or earlier and immediately disable the Pro Forms User Registration feature or deactivate the entire plugin. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Bricksforge
View allUnauthenticated sensitive data exposure in the Bricksforge WordPress plugin versions 3.1.8.4 and earlier allows remote a
Missing Authorization vulnerability in Bricksforge.0.17. Rated high severity (CVSS 7.5), this vulnerability is remotely
Missing Authorization vulnerability in Bricksforge.0.17. Rated high severity (CVSS 7.5), this vulnerability is remotely
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-45123