<0.1% probability · 11.3th percentile — 2026-05-12
Affected versions
wpForo Forum WordPress plugin all versions up to and including 2.4.16
Summary
This is a path traversal vulnerability in the wpForo Forum plugin for WordPress. The flaw allows authenticated attackers with subscriber-level access or above to delete arbitrary files on the target server. Attackers exploit this by embedding a crafted path traversal string in a forum post, then deleting the post to trigger the vulnerability.
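The class of check that prevents this kind of deletion, as an added example (not wpForo's code and not taken from its fix): resolve the stored path and confirm it is still inside the upload directory before deleting. The function names, the directory layout and the sample files are hypothetical and constructed for the demonstration.

```php
<?php
// Added illustration; not wpForo code. All names here are hypothetical.

/**
 * Resolve $candidate (an attacker-influenced path taken from post content)
 * and return its canonical path only if it is a regular file inside $baseDir.
 */
function resolve_inside(string $baseDir, string $candidate): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../" and follows symlinks; false if the file is missing.
    $real = realpath($base . DIRECTORY_SEPARATOR . $candidate);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Trailing separator stops "/uploads-old" from matching "/uploads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

/** Delete an attachment only when it resolves inside the upload directory. */
function delete_post_attachment(string $baseDir, string $candidate): bool
{
    $real = resolve_inside($baseDir, $candidate);
    if ($real === null) {
        // Log the refusal so the attempt is visible to defenders.
        error_log('refused attachment delete outside upload dir: ' . $candidate);
        return false;
    }
    return unlink($real);
}

// Constructed demo layout in a temporary directory.
$root = sys_get_temp_dir() . '/pt_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/uploads', 0700, true);
file_put_contents($root . '/uploads/photo.jpg', 'x');
file_put_contents($root . '/config.php', 'secret');

var_dump(delete_post_attachment($root . '/uploads', 'photo.jpg'));     // in-scope file
var_dump(delete_post_attachment($root . '/uploads', '../config.php')); // escapes base
var_dump(file_exists($root . '/config.php'));                          // still present?
```

The comparison is done on the canonical path, after `realpath()`, so encoded or nested `../` sequences and symlinks are judged by where they actually point rather than by how the string looks.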
Remediation
Immediately update the wpForo Forum plugin to a version released after 2.4.16 that fixes this vulnerability. Remove any unused WordPress plugins from your instances to reduce attack surface. Audit user permissions to ensure only trusted users have subscriber-level access or higher.