Critical Privilege Escalation Flaw Found in Bricksforge WordPress Plugin
A critical vulnerability in the Bricksforge WordPress plugin allows unauthenticated attackers to create unauthorized administrator accounts.
The Bricksforge plugin for WordPress, in all versions up to and including 3.1.8.6, is affected by a critical privilege escalation vulnerability tracked as CVE-2026-14956. The flaw stems from improper validation of the fieldIds parameter within the Pro Forms registration action, which permits the injection of attacker-supplied field IDs into the trusted form-field whitelist.
This vulnerability carries a CVSS score of 9.8 and poses a significant security risk. By submitting a crafted request to a publicly accessible Bricksforge Pro Forms element configured with the User Registration action, an unauthenticated attacker can register a new account with administrative privileges.
Site administrators using the Bricksforge plugin are advised to verify their Pro Forms configurations and monitor for updates to address this security deficiency.
Continue Reading
Grav Login Plugin Vulnerability Allows Two-Factor Authentication Bypass
A critical flaw in Grav versions before 2.0.4 permits attackers to bypass two-factor authentication by overwriting existing security secrets.
Clawvet API Server Vulnerability Exposes User Data via Hard-Coded Secret
A critical vulnerability in clawvet API versions before 0.7.5 allows unauthenticated attackers to forge session cookies and access sensitive user information.
Formalizing the Vulnerability Lifecycle
International agencies are pushing software vendors to adopt standardized vulnerability disclosure frameworks for better security.