Security Advisory

CVE-2026-28555

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-28 21:47:35

Last updated 2026-05-11 23:11:35

Assigner VulnCheck

State PUBLISHED

Description

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforo_close_ajax handler. Attackers submit a valid nonce with an arbitrary topic ID to bypass the moderator permission requirement and disrupt forum discussions.

← Browse all CVEs View on cve.org ↗