What is the CVSS score of CVE-2026-40767?

CVE-2026-40767 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.3%.

Which versions of wpForo Forum are affected by CVE-2026-40767?

wpForo Forum WordPress plugin versions before 3.0.2 contain an authentication bypass allowing unauthenticated access to restricted forum content.. A patch is available.

How to fix or mitigate CVE-2026-40767?

Within 24 hours: inventory all WordPress installations using wpForo Forum and document current plugin versions. Within 7 days: deploy wpForo Forum version 3.0.2 or later to all affected systems. Within 30 days: review forum access logs for evidence of unauthorized content retrieval and determine if user notification is required.

wpForo Forum CVE-2026-40767

EUVD-2026-36977 HIGH

Improper Preservation of Permissions (CWE-281)

2026-06-15 Patchstack

GHSA-67cg-j2qq-7wv4

Information Disclosure Wpforo Forum

7.5

CVSS 3.1 · Vendor: Patchstack

Severity by source

Vendor (Patchstack) PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

vuln.today AI

7.5 HIGH

Network-reachable WordPress plugin endpoint, no authentication or interaction per description, and impact is confidentiality-only disclosure of restricted forum content with no integrity or availability effect.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Jun 15, 2026 - 22:12 vuln.today

Patch available

Jun 15, 2026 - 22:02 EUVD

DescriptionCVE.org

Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions.

AnalysisAI

Unauthenticated information disclosure in the wpForo Forum WordPress plugin versions prior to 3.0.2 allows remote attackers to bypass access controls and read forum content that should be restricted. The flaw stems from improper permission preservation (CWE-281), letting unauthenticated users access data intended only for authorized members. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Identify WordPress site running wpForo < 3.0.2

Delivery

Send crafted request to forum endpoint

Exploit

Bypass access control check

Execution

Retrieve restricted forum content

Impact

Exfiltrate private discussion data

Access

Identify WordPress site running wpForo < 3.0.2

Delivery

Send crafted request to forum endpoint

Exploit

Bypass access control check

Execution

Retrieve restricted forum content

Impact

Exfiltrate private discussion data

Vulnerability AssessmentAI

Exploitation	No special conditions - remote unauthenticated exploitation against default configurations of wpForo Forum plugin versions prior to 3.0.2 on any WordPress site where the plugin is installed and active. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N scores 7.5 and indicates network-reachable, low-complexity, unauthenticated exploitation with high confidentiality impact but no integrity or availability impact - consistent with an information disclosure flaw. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An unauthenticated remote attacker sends crafted HTTP requests directly to vulnerable wpForo Forum endpoints on a target WordPress site, bypassing membership or board-level access controls to retrieve forum posts, topics, or user information that should be restricted to logged-in members. Because exploitation requires no authentication or user interaction and the attack complexity is low, the attacker can script the request against many WordPress sites running the plugin to harvest private discussion content at scale.
Remediation	Upgrade the wpForo Forum plugin to version 3.0.2 or later through the WordPress admin plugin update mechanism - this is the vendor-released patch and the primary fix. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: inventory all WordPress installations using wpForo Forum and document current plugin versions. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-49767 CRITICAL Act Now

9.8 Jun 17

Authentication bypass in the wpForo Forum WordPress plugin versions 3.1.0 and earlier allows remote unauthenticated atta

CVE-2026-40767 vulnerability details – vuln.today

Back

wpForo Forum CVE-2026-40767

Severity by source

CVSS VectorVendor: Patchstack

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

More from same product – last 7 days

Share

External POC / Exploit Code