VYPR
Unrated severityNVD Advisory· Published Feb 28, 2026· Updated Mar 6, 2026

wpForo Forum 2.4.14 Missing Authorization via Topic Close AJAX Handler

CVE-2026-28555

Description

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforo_close_ajax handler. Attackers submit a valid nonce with an arbitrary topic ID to bypass the moderator permission requirement and disrupt forum discussions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.