CVE-2022-40206

Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt