Product
The Bricksforge plugin for WordPress, in versions up to and including 3.1.8.6, contains a critical privilege escalation vulnerability, CVE-2026-14956, allowing unauthenticated attackers to register new administrator accounts by manipulating the 'fieldIds' parameter in Pro Forms registration actions, leading to full compromise of the WordPress site.