What is the CVSS score of CVE-2026-40798?

CVE-2026-40798 has a CVSS 3.1 base score of 9.3 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L. EPSS exploitation probability: 0.3%.

Which versions of wpForo Forum are affected by CVE-2026-40798?

The wpForo Forum WordPress plugin (versions 3.0.4 and earlier) contains a critical SQL injection vulnerability (CVE-2026-40798, CVSS 9.3) that allows unauthenticated attackers to extract sensitive…

How to fix or mitigate CVE-2026-40798?

24 hours: Audit all WordPress installations for wpForo versions 3.0.4 and earlier; immediately disable the plugin or restrict its access via firewall rules. 7 days: Contact wpForo vendor for patch availability and timeline; evaluate alternative forum plugins or migration options. 30 days: Deploy patched version or approved alternative once available; conduct database activity logs for evidence of exploitation.

wpForo Forum CVE-2026-40798

EUVD-2026-36807 CRITICAL

SQL Injection (CWE-89)

2026-06-15 Patchstack

GHSA-r7jj-7q7m-56qf

SQLi Wpforo Forum

9.3

CVSS 3.1 · Vendor: Patchstack

Severity by source

Vendor (Patchstack) PRIMARY

9.3 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

vuln.today AI

9.3 CRITICAL

Unauthenticated network SQLi against a WordPress plugin (PR:N, AV:N, AC:L); S:C and C:H from shared-DB exposure; I:L allowed because SQLi typically permits some data modification, A:N as no DoS path is described.

3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

Low

Lifecycle Timeline

Analysis Generated

Jun 15, 2026 - 22:05 vuln.today

DescriptionCVE.org

Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 versions.

AnalysisAI

Unauthenticated SQL injection in the wpForo Forum WordPress plugin (versions 3.0.4 and earlier) allows remote attackers to inject arbitrary SQL into backend database queries without any credentials or user interaction. With a CVSS 3.1 score of 9.3 and a scope-changing vector, exploitation can expose data beyond the plugin's own context, though no public exploit identified at time of analysis and the vulnerability is not currently listed in CISA KEV.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Identify WordPress site running wpForo ≤3.0.4

Delivery

Send crafted HTTP request with SQLi payload

Exploit

Bypass missing input sanitization

Execution

Inject SQL into backend query

Persist

Exfiltrate wp_users hashes and secrets

Impact

Crack credentials offline or pivot to admin takeover

Access

Identify WordPress site running wpForo ≤3.0.4

Delivery

Send crafted HTTP request with SQLi payload

Exploit

Bypass missing input sanitization

Execution

Inject SQL into backend query

Persist

Exfiltrate wp_users hashes and secrets

Impact

Crack credentials offline or pivot to admin takeover

Vulnerability AssessmentAI

Exploitation	No special conditions - remote unauthenticated exploitation against default installations of wpForo Forum plugin versions ≤3.0.4 on WordPress, with no user interaction required (CVSS AV:N/AC:L/PR:N/UI:N). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N is maximally exposed - network-reachable, no authentication, no user interaction, low complexity - which is consistent with an unauthenticated SQLi reachable on any public WordPress site running the plugin. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An unauthenticated attacker sends a crafted HTTP request to a vulnerable wpForo endpoint (for example, a search, member-lookup, or forum-listing parameter) with SQL injection payloads, leveraging UNION-based or time-based techniques to extract data from the WordPress database. Because S:C/C:H applies, the attacker can read wp_users password hashes, wp_options secrets, and data from other plugins sharing the database - enabling subsequent offline cracking or session hijacking. …
Remediation	Patch available per vendor advisory - administrators should upgrade wpForo Forum to a version newer than 3.0.4 as soon as a fixed release is published by tomdever/gVectors; consult the Patchstack advisory (https://patchstack.com/database/wordpress/plugin/wpforo/vulnerability/wordpress-wpforo-forum-plugin-3-0-4-sql-injection-vulnerability) and the WordPress.org plugin page for the exact patched version. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Audit all WordPress installations for wpForo versions 3.0.4 and earlier; immediately disable the plugin or restrict its access via firewall rules. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-49767 CRITICAL Act Now

9.8 Jun 17

Authentication bypass in the wpForo Forum WordPress plugin versions 3.1.0 and earlier allows remote unauthenticated atta

CVE-2026-40798 vulnerability details – vuln.today

Back

wpForo Forum CVE-2026-40798

Severity by source

CVSS VectorVendor: Patchstack

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

More from same product – last 7 days

Share

External POC / Exploit Code