Headline
CVE-2022-40200: WordPress wpForo Forum plugin <= 2.0.9 - Arbitrary File Upload vulnerability - Patchstack
Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.
Verified
Fixed
9.9
CVSS 3.1 score Critical severity
Report
Monitoring Not reported to be exploited
Vulnerable versions
<= 2.0.9
PSID
68d594fc3210
Classification
Arbitrary File Upload
OWASP Top 10
A1: Injection
Required privilege
Requires subscriber or higher role user authentication.
Publicly disclosed
2022-11-09
Details
Arbitrary File Upload vulnerability discovered by Rafie Muhammad aka Yeraisci (Patchstack Alliance) in WordPress wpForo Forum plugin (versions <= 2.0.9).
Solution
Update the WordPress wpForo Forum plugin to the latest available version (at least 2.1.0).
References