PT-2022-25283 · WordPress · Wpforo Forum

Ananda Dhakal +1 · Published 2022-11-08 · Updated 2022-11-09 · CVE-2022-40206

CVSS v3.1: 6.3 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

wpForo Forum plugin versions <= 2.0.5

Description

The issue is an insecure direct object reference (IDOR) vulnerability. It allows attackers with subscriber or higher user roles to mark any forum post as private or public.

Recommendations

For wpForo Forum plugin versions <= 2.0.5, update to a version higher than 2.0.5 to resolve the issue. As a temporary workaround, consider restricting user roles to prevent subscribers or higher from accessing the forum post settings until a patch is available.

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2022-40206

Affected Products

Wpforo Forum