CVE-2026-3666
WordPress · wpForo Forum Plugin
The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to and including 2.
Executive summary
An arbitrary file deletion vulnerability in the wpForo Forum WordPress plugin could allow unauthorized removal of critical system files.
Vulnerability
The plugin contains a vulnerability that allows for arbitrary file deletion. This can lead to service instability or the deletion of critical configuration files, depending on the attacker's ability to interact with the plugin's functionality.
Business impact
With a CVSS score of 8.8, this is a high-risk vulnerability. An attacker could disrupt business operations by deleting essential files, causing site downtime, or could remove security-critical configuration files in a way that facilitates further system compromise.
Remediation
Immediate Action: Update the wpForo Forum plugin to the latest version to resolve the file deletion flaw.
Proactive Monitoring: Monitor file system integrity and review WordPress logs for unusual activity related to the plugin.
Compensating Controls: Remove the plugin if it is not strictly necessary for business operations, and ensure that the WordPress installation is running with restricted file system permissions.
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability is highly severe and requires immediate remediation. Organizations should update the plugin as soon as the developer confirms a patch is available, or remove the plugin to eliminate the risk entirely.