External risk intelligence

Bricksforge WordPress Plugin Privilege Escalation Vulnerability.

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2026-14956

The vulnerability exists in a WordPress plugin feature designed for public-facing user registration forms. Because the exploit is triggered via a public registration endpoint that is intended to be accessible to anyone on the internet, the vulnerable surface is public-facing by design in normal deployment.

Privilege Escalation

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A vulnerability in the Bricksforge WordPress plugin could allow unauthenticated attackers to create new administrator accounts on affected sites. This issue stems from improper validation of a parameter within the Pro Forms registration feature, potentially enabling the addition of attacker-supplied field IDs to a trusted list. The main concern is confirming whether your WordPress sites use this specific plugin with its user registration functionality enabled, as this would create an exposure risk.

  • Attackers can add new admins to your site.
  • Public registration forms are the potential entry point.
  • Verify plugin use and configuration to assess risk.

Attack Path

How an attacker could exploit the issue

An unauthenticated attacker can exploit this vulnerability by targeting a publicly accessible Bricksforge Pro Forms registration form. By sending a specially crafted request containing attacker-supplied field IDs, the attacker can trick the plugin into adding these IDs to a trusted list. This allows the attacker to register a new administrator account, potentially leading to full control of the WordPress site.

  • Requires public Pro Forms registration form.
  • Triggers by submitting crafted registration request.
  • Grants administrator privileges to attacker.

Live Threat

Current exploitation, exposure, and threat context

Unauthenticated attackers could potentially create a new administrator account on a WordPress site that has a publicly accessible Bricksforge Pro Forms element configured with the User Registration action. This is possible due to insufficient validation of user-supplied field IDs when registering new forms.

  • Website administrator access.
  • Via a crafted request to a registration form.
  • Unauthorized control over the website.

Operational Fix

Recommended remediation, mitigation, and detection steps

The Bricksforge plugin's privilege escalation vulnerability necessitates action from WordPress administrators and security teams. The first practical step is to identify all WordPress instances utilizing the Bricksforge plugin, specifically those with Pro Forms configured for user registration and accessible publicly. Subsequently, confirm the business criticality of these instances and the potential exposure to unauthenticated attackers before planning remediation.

  • WordPress administrators own the issue.
  • Verify public Pro Forms with user registration.
  • Plan remediation for exposed instances.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is the Bricksforge plugin for WordPress?

Bricksforge is a specialized plugin designed to extend the capabilities of the Bricks visual builder for WordPress. It provides various features, such as the Pro Forms module, which allows site owners to create custom forms for tasks like contact inquiries or user registrations directly within their WordPress environment.

What does CVE-2026-14956 mean by privilege escalation?

This vulnerability, classified as CWE-269, involves improper control of access rights. Specifically, it allows an unauthenticated user to bypass normal restrictions and create an account with administrative privileges. By manipulating registration data, an attacker tricks the plugin into granting them full control over the website instead of a standard user role.

How is this Bricksforge vulnerability triggered?

The flaw is triggered by submitting a specifically crafted request to a Bricksforge Pro Forms registration form. The plugin fails to validate user-provided field IDs, allowing an attacker to inject their own parameters. Importantly, if a site does not have a Pro Forms element configured with the User Registration action enabled, this specific attack path does not exist.

Do I need to worry if my site is not public-facing?

According to Halo Surface Signal, this vulnerability is most concerning for sites where the Bricksforge registration form is intentionally exposed to the internet. Since the exploit relies on reaching a public registration endpoint, sites that are strictly internal or lack public user-facing forms have a significantly different risk profile.

What should I do first to address this CVE?

Your first step is to perform an inventory of all WordPress instances to identify which are running the Bricksforge plugin. Focus your assessment on sites that utilize the Pro Forms feature for user registration. Once identified, evaluate if those specific forms are publicly accessible, as these represent the primary targets for exploitation.

References