Advertisement
Security

Critical Privilege Escalation Flaw Found in Bricksforge WordPress Plugin

A critical vulnerability in the Bricksforge WordPress plugin allows unauthenticated attackers to create unauthorized administrator accounts.

··1 hour ago·1 min read
shallow focus photography of computer codes
Photo by Shahadat Rahman on Unsplash
Advertisement

The Bricksforge plugin for WordPress, in all versions up to and including 3.1.8.6, is affected by a critical privilege escalation vulnerability tracked as CVE-2026-14956. The flaw stems from improper validation of the fieldIds parameter within the Pro Forms registration action, which permits the injection of attacker-supplied field IDs into the trusted form-field whitelist.

This vulnerability carries a CVSS score of 9.8 and poses a significant security risk. By submitting a crafted request to a publicly accessible Bricksforge Pro Forms element configured with the User Registration action, an unauthenticated attacker can register a new account with administrative privileges.

Site administrators using the Bricksforge plugin are advised to verify their Pro Forms configurations and monitor for updates to address this security deficiency.

#privilege escalation#wordpress#bricksforge#cve-2026-14956#vulnerability

Xploitwire Editorial Team

Xploitwire Newsroom

This article was researched and drafted with AI assistance and reviewed by our editorial team before publication. About Xploitwire →

← Back to all stories
Advertisement