CVE-2026-6248: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in tomdever wpForo Forum
CVE-2026-6248 is a high-severity path traversal vulnerability in the wpForo Forum WordPress plugin up to version 3. 0. 5. It allows authenticated users with subscriber-level access or higher to delete arbitrary files on the server by exploiting improper validation of file-type custom profile fields combined with insufficient path sanitization. This can lead to remote code execution if critical files like wp-config. php are deleted. The vulnerability requires the wpForo - User Custom Fields addon plugin to be active. The product is a cloud service, and a patch is available.
AI Analysis
Technical Summary
The wpForo Forum plugin for WordPress suffers from an arbitrary file deletion vulnerability due to two flaws: the Members::update() method does not properly validate or restrict file-type custom profile field values, enabling attackers to specify arbitrary file paths; and the wpforo_fix_upload_dir() function used in ucf_file_delete() inadequately sanitizes these paths before passing them to the unlink() function. Authenticated users with subscriber-level privileges or higher can exploit this to delete arbitrary files on the server, potentially leading to remote code execution. This issue requires the presence of the User Custom Fields addon plugin. The vulnerability has a CVSS 3.1 score of 8.1 (high severity). The product is cloud-hosted, and a patch is available.
Potential Impact
An attacker with subscriber-level access or higher can delete arbitrary files on the server hosting the wpForo Forum plugin, which can lead to denial of service or remote code execution if critical files such as wp-config.php are deleted. This compromises the integrity and availability of the affected system. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Since the product is a cloud-hosted service, the vendor manages remediation server-side. A patch is available for this vulnerability. Users should ensure their wpForo Forum plugin and the User Custom Fields addon are updated to the fixed versions as provided by the vendor. Check the vendor advisory for confirmation and apply updates promptly.
CVE-2026-6248: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in tomdever wpForo Forum
Description
CVE-2026-6248 is a high-severity path traversal vulnerability in the wpForo Forum WordPress plugin up to version 3. 0. 5. It allows authenticated users with subscriber-level access or higher to delete arbitrary files on the server by exploiting improper validation of file-type custom profile fields combined with insufficient path sanitization. This can lead to remote code execution if critical files like wp-config. php are deleted. The vulnerability requires the wpForo - User Custom Fields addon plugin to be active. The product is a cloud service, and a patch is available.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The wpForo Forum plugin for WordPress suffers from an arbitrary file deletion vulnerability due to two flaws: the Members::update() method does not properly validate or restrict file-type custom profile field values, enabling attackers to specify arbitrary file paths; and the wpforo_fix_upload_dir() function used in ucf_file_delete() inadequately sanitizes these paths before passing them to the unlink() function. Authenticated users with subscriber-level privileges or higher can exploit this to delete arbitrary files on the server, potentially leading to remote code execution. This issue requires the presence of the User Custom Fields addon plugin. The vulnerability has a CVSS 3.1 score of 8.1 (high severity). The product is cloud-hosted, and a patch is available.
Potential Impact
An attacker with subscriber-level access or higher can delete arbitrary files on the server hosting the wpForo Forum plugin, which can lead to denial of service or remote code execution if critical files such as wp-config.php are deleted. This compromises the integrity and availability of the affected system. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Since the product is a cloud-hosted service, the vendor manages remediation server-side. A patch is available for this vulnerability. Users should ensure their wpForo Forum plugin and the User Custom Fields addon are updated to the fixed versions as provided by the vendor. Check the vendor advisory for confirmation and apply updates promptly.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2026-04-13T18:20:17.299Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Is Cloud Service
- true
Threat ID: 69e6746e19fe3cd2cd270d57
Added to database: 4/20/2026, 6:46:06 PM
Last enriched: 4/20/2026, 7:01:03 PM
Last updated: 4/20/2026, 8:54:23 PM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.