[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fSvcD7RbX5zumthp8043Lq1k6g8JZbErgkw1pEShR5Tc":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":28,"research_verified":29,"research_rounds_completed":30,"research_plan":31,"research_summary":9,"research_vulnerable_code":9,"research_fix_diff":9,"research_exploit_outline":9,"research_model_used":32,"research_started_at":33,"research_completed_at":34,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":29,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":29,"source_links":35},"CVE-2026-49767","wpforo-forum-missing-authorization-5","wpForo Forum \u003C= 3.1.0 - Missing Authorization","The wpForo Forum plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.1.0. This makes it possible for unauthenticated attackers to perform an unauthorized action.","wpforo",null,"\u003C=3.1.0","3.1.1","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2026-06-04 00:00:00","2026-06-10 18:00:26",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F424cf586-f225-4ce3-9b66-b0bece394f1f?source=api-prod",7,[22,23,24,25,26,27],"admin\u002Fassets\u002F.DS_Store","admin\u002Fassets\u002Fcss\u002Fadmin.css","classes\u002FMembers.php","includes\u002Ffunctions.php","includes\u002Fhooks.php","readme.txt","researched",false,3,"', ...);\n            }\n        });\n        ```\n        This notice is shown in the admin.\n        Wait, there's an AJAX action `wpforo_notice_dismiss` that wpForo uses globally.\n\n    *   Let's refine the \"Unauthorized Action\".\n    *   If it's `wp_ajax_nopriv_wpforo_notice_dismiss`, any unauthenticated user can call:\n        `POST \u002Fwp-admin\u002Fadmin-ajax.php`\n        `action=wpforo_notice_dismiss&notice_id=...`\n        This would dismiss notices for the admin.\n\n    *   Wait, look at `Members.php` line 115: `wpforo_after_activate_user`.\n    *   This is a hook. What calls `do_action('wpforo_after_activate_user', ...)`?\n    *   It's usually the `activate()` method in `Members.php`.\n\n    *   Let's look for how `activate()` is called.\n    *   If there's an `init` hook that checks for `$_GET['wpfaction'] == 'activate'`.\n    *   In wpForo 3.1.0, the logic for `wpfaction=activate` was:\n        ```php\n        if (wpfval($_GET, 'wpfaction') == 'activate') {\n            $userid = intval($_GET['uid']);\n            $key = $_GET['key'];\n","gemini-3-flash-preview","2026-06-26 05:09:25","2026-06-26 05:10:40",{"type":36,"vulnerable_version":37,"fixed_version":11,"vulnerable_browse":38,"vulnerable_zip":39,"fixed_browse":40,"fixed_zip":41,"all_tags":42},"plugin","3.1.0","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwpforo\u002Ftags\u002F3.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpforo.3.1.0.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwpforo\u002Ftags\u002F3.1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpforo.3.1.1.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwpforo\u002Ftags"]