CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-28559

wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status WHERE clauses that are only applied when a specific forum ID is present in the query.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.1%

CVSS Severity

CVSS v3 Score 5.3

References

https://wordpress.org/plugins/wpforo/
https://wordpress.org/plugins/wpforo/#developers
https://www.vulncheck.com/advisories/wpforo-forum-information-disclosure-via-global-rss-feed

Products affected by CVE-2026-28559

Gvectors » Wpforo Forum » Version: 2.4.0

cpe:2.3:a:gvectors:wpforo_forum:2.4.0
Gvectors » Wpforo Forum » Version: 2.4.1

cpe:2.3:a:gvectors:wpforo_forum:2.4.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-28559

Products

Pricing

Contact Us