Vendor
The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion (CVE-2026-6248) due to insufficient validation and sanitization, allowing authenticated users to delete arbitrary files on the server, potentially leading to remote code execution.