Threats Tagged 'cve-2026-6248'
View all threats tagged with 'cve-2026-6248'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-6248'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-6248: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in tomdever wpForo ForumCVE-2026-6248 0 The wpForo Forum WordPress plugin, up to version 3. 0. 5, contains a path traversal vulnerability that allows authenticated users with subscriber-level access or higher to delete arbitrary files on the server. This is due to insufficient validation of file-type custom profile fields combined with inadequate sanitization in the file deletion function. Exploitation can lead to deletion of critical files such as wp-config. php, potentially enabling remote code execution. The vulnerability requires the presence of the wpForo - User Custom Fields addon plugin. The affected service is cloud-hosted, and the vendor manages remediation. Join the discussion | CVE Database V5 | 04/20/2026, 18:31:33 UTC Added: 04/20/2026, 18:46:06 UTC |
Showing 1 to 1 of 1 result