CVE-2026-28559 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the g…
Medium CVSS: 6.9

CVE-2026-28559

wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status WHERE clauses that are only applied when a specific forum ID is present in the query.
Vendor
Gvectors
Product
Wpforo Forum
CWE
CWE-200
Yayın Tarihi
2026-02-28 22:16:02
Güncelleme
2026-03-04 02:47:44
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-200 Wpforo Forum MEDIUM Gvectors 2026

Referanslar

https://wordpress.org/plugins/wpforo/ https://wordpress.org/plugins/wpforo/#developers https://www.vulncheck.com/advisories/wpforo-forum-information-disclosure-via-global-rss-feed