This vulnerability in wpForo Forum before version 3.0.2 is an unauthenticated broken access control issue caused by improper preservation of permissions (CWE-281). It allows attackers to bypass access restrictions without authentication, potentially exposing sensitive information. The CVSS 3.1 vector indicates network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, high confidentiality impact, and no impact on integrity or availability. No patch or official remediation level has been provided by the vendor or authoritative sources. The vulnerability was published in June 2026 and is currently unpatched with no known active exploitation.

An unauthenticated attacker can bypass access controls in affected wpForo Forum versions, leading to a high confidentiality impact. This means sensitive information could be exposed without requiring any privileges or user interaction. There is no impact on data integrity or availability. The vulnerability affects the confidentiality of the system and potentially user data managed by the forum software.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary workaround is currently documented, users should monitor vendor communications for updates. Until a patch is available, consider restricting access to the forum application at the network level or applying compensating controls to limit exposure.