Unrated severityNVD Advisory· Published Feb 28, 2026· Updated Mar 6, 2026

wpForo Forum 2.4.14 Information Disclosure via Global RSS Feed

CVE-2026-28559

Description

wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status WHERE clauses that are only applied when a specific forum ID is present in the query.

Affected products

Minibb/Forumllm-fuzzy
Range: = 2.4.14
gVectors Team/wpForo Forumv5
Range: 2.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wordpress.org/plugins/wpforo/mitrepatch
www.vulncheck.com/advisories/wpforo-forum-information-disclosure-via-global-rss-feedmitrethird-party-advisory
wordpress.org/plugins/wpforo/mitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000