CVE-2026-28556 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split any forum topic via the topic_…
Medium CVSS: 5.3

CVE-2026-28556

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split any forum topic via the topic_move, topic_merge, and topic_split form action handlers. Attackers with a valid form nonce can reorganize arbitrary forum content without moderator permissions, including relocating topics to private forums.
Vendor
Gvectors
Product
Wpforo Forum
CWE
CWE-862
Yayın Tarihi
2026-02-28 22:16:02
Güncelleme
2026-03-04 02:52:09
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-862 Wpforo Forum MEDIUM Gvectors 2026

Referanslar

https://wordpress.org/plugins/wpforo/ https://wordpress.org/plugins/wpforo/#developers https://www.vulncheck.com/advisories/wpforo-forum-missing-authorization-via-topic-management-form-handlers