Description
The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of the 'Members' class in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with subscriber-level privileges or higher, to read arbitrary files on the server.
Published: 2025-02-28
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary File Read
Action: Patch
AI Analysis

Impact

Insufficient input validation in the update method of the Members class lets authenticated users with subscriber-level privileges or higher supply a file path of their choosing and read back the contents of any file the web server's PHP process is permitted to open. Configuration files (wp-config.php holds the database credentials), logs, and other files containing sensitive data are therefore exposed; the credential exposure is inferred from the arbitrary read itself rather than stated in the advisory.
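As an added illustration of the bug class this advisory describes (example code written for this page, not wpForo's own code, which the page does not show): a file read that trusts a request parameter, beside a hardened version that confines the read to one allow-listed directory. The function names, the 'file' request parameter, the allowed directory, the extension allow-list and the constructed sample files are all assumptions for the illustration; in a WordPress plugin the allowed directory would typically come from wp_upload_dir()['basedir'].

```php
<?php
// Added example, not wpForo's code. Demonstrates an arbitrary file read caused by
// passing a client-supplied path to the filesystem unchecked, next to a hardened
// version. Names, parameters and directory layout are assumptions.

// Vulnerable pattern: the request value goes straight to the filesystem, so a
// traversal sequence or an absolute path is read back to any caller who can reach
// this code (on the page, any subscriber-level account).
function read_member_file_vulnerable(array $request)
{
    $path = (string) ($request['file'] ?? '');
    return @file_get_contents($path);
}

// Hardened pattern: keep only a bare file name, require an allow-listed extension,
// canonicalise the result and require it to stay inside $allowed_dir.
function read_member_file_hardened(array $request, string $allowed_dir)
{
    $base = realpath($allowed_dir);
    if ($base === false || !is_dir($base)) {
        return false;
    }

    // basename() discards every directory component the client supplied, so
    // '../' segments never reach the filesystem at all.
    $name = basename((string) ($request['file'] ?? ''));
    if ($name === '' || $name === '.' || $name === '..') {
        return false;
    }

    // Extension allow-list; image types are a plausible member-profile use case.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true)) {
        return false;
    }

    // realpath() resolves symlinks as well as '..', so a symlink placed inside the
    // allowed directory that points at wp-config.php is rejected by the prefix test.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($candidate === false
        || strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0
        || !is_file($candidate)) {
        return false;
    }
    return file_get_contents($candidate);
}

// Constructed directory layout for a stand-alone run (deleted again at the end).
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'afr_demo_' . bin2hex(random_bytes(4));
mkdir($tmp . '/uploads', 0700, true);
file_put_contents($tmp . '/wp-config.php', "<?php define('DB_PASSWORD', 'constructed-secret');\n");
file_put_contents($tmp . '/uploads/avatar.png', 'PNG-bytes');
symlink($tmp . '/wp-config.php', $tmp . '/uploads/link.png'); // symlink escape attempt

// Traversal against the unchecked read succeeds; the same input, a symlink escape
// and a legitimate file against the hardened read.
var_dump(read_member_file_vulnerable(['file' => $tmp . '/uploads/../wp-config.php']));
var_dump(read_member_file_hardened(['file' => '../wp-config.php'], $tmp . '/uploads'));
var_dump(read_member_file_hardened(['file' => 'link.png'], $tmp . '/uploads'));
var_dump(read_member_file_hardened(['file' => 'avatar.png'], $tmp . '/uploads'));

unlink($tmp . '/uploads/link.png');
unlink($tmp . '/uploads/avatar.png');
unlink($tmp . '/wp-config.php');
rmdir($tmp . '/uploads');
rmdir($tmp);
```

Run with `php example.php` on a Unix-like host (symlink creation is assumed to be permitted). The first call returns the constructed wp-config.php contents, showing the leak; the traversal and symlink calls against the hardened function return false, and only avatar.png is served. The prefix comparison on the realpath result is what closes the symlink case, which basename() alone does not cover.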

Affected Systems

The vulnerability affects the wpForo Forum WordPress plugin (vendor recorded on this page as Gvectors, CPE cpe:2.3:a:gvectors:wpforo_forum) in all releases up to and including version 2.4.1. Site operators should check the installed version under Plugins in the WordPress admin, or with `wp plugin list` in WP-CLI, and plan a timely upgrade.

Risk and Exploitability

The CVSS 3.1 base score of 6.5 (vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) indicates medium severity: reachable over the network with low attack complexity and no user interaction, requiring low privileges, with high impact on confidentiality and none on integrity or availability. The EPSS score below 1% indicates that exploitation is currently unlikely, the issue is not listed in the CISA KEV catalog, and the SSVC assessment recorded in the history below marks it as not automatable with no known exploitation. Because the flaw requires authentication, an attacker must first obtain a subscriber account, either by compromising one or by registering one where open registration is enabled, after which the plugin can be made to return any file the PHP process has permission to read.

Generated by OpenCVE AI on April 28, 2026 at 03:33 UTC.

Remediation

This page records no vendor fix or workaround. The affected range is bounded at 2.4.1, so consult the plugin's changelog for a release later than 2.4.1 before treating an upgrade as the fix.

OpenCVE Recommended Actions

  • Upgrade the wpForo Forum plugin to the latest release, confirming that the installed version is later than 2.4.1, the end of the affected range.
  • Until then, limit who can reach the vulnerable code: the path is open to any authenticated user, so disable open registration (Settings > General > "Anyone can register") where it is not needed, review existing subscriber accounts, and keep the subscriber role at its default minimal capabilities. This narrows the attacker population; it does not close the flaw.
  • Limit what a compromised PHP process can read: run PHP with open_basedir restricted to the WordPress document root and its temp directory, and keep files outside it (backups, credentials for other services) unreadable by the web server user. Web-server rules such as .htaccess deny directives do not help here, because the read happens inside PHP rather than through an HTTP request for the file.



Advisories

Source: EUVD
ID: EUVD-2025-5499
Title: The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of the 'Members' class in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with subscriber-level privileges or higher, to read arbitrary files on the server.
History

Thu, 06 Mar 2025 18:15:00 +0000

Values added:
First Time appeared: Gvectors; Gvectors wpforo Forum
Weaknesses: NVD-CWE-noinfo
CPEs: cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:*
Vendors & Products: Gvectors; Gvectors wpforo Forum

Tue, 04 Mar 2025 03:45:00 +0000

Values added:
Metrics: SSVC 2.0.3 (Automatable: no; Exploitation: none; Technical Impact: partial)

Fri, 28 Feb 2025 07:15:00 +0000

Values added:
Description: The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of the 'Members' class in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with subscriber-level privileges or higher, to read arbitrary files on the server.
Title: wpForo Forum <= 2.4.1 - Authenticated (Subscriber+) Arbitrary File Read in update
Weaknesses: CWE-20
References:
Metrics: CVSS v3.1 score 6.5, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:06:06.576Z

Reserved: 2025-01-27T23:25:42.982Z

Link: CVE-2025-0764

Vulnrichment

Updated: 2025-02-28T14:52:21.114Z

NVD

Status : Analyzed

Published: 2025-02-28T07:15:33.863

Modified: 2025-03-06T17:52:55.370

Link: CVE-2025-0764

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T03:45:20Z

Weaknesses