7
0
0
0
Vulnerability Timeline
7 vulnerabilities discovered over time for Wpforo forum
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-28561 | 4.8 | This vulnerability allows an attacker to inject malicious JavaScript into a forum's description, which can then run whenever any user views that forum. It requires either a compromised admin account or a multisite setup where the attacker can modify the forum description. | gvectorswpforo forum | Theoretical | about 1 month agoFeb 28, 2026 |
| CVE-2026-28560 | 4.8 | This vulnerability allows an attacker to inject malicious scripts that can run in the browsers of all visitors to a wpForo forum. It occurs when an attacker manipulates the forum's URL by including certain characters, which lets them break out of the intended code and execute their own scripts. | gvectorswpforo forum | Theoretical | about 1 month agoFeb 28, 2026 |
| CVE-2026-28559 | 6.9 | This vulnerability allows attackers to access private and unapproved forum topics by exploiting the RSS feed feature, even if they are not logged in. It occurs when they request the feed without specifying a forum ID, which skips important privacy checks meant to protect that information. | gvectorswpforo forum | Theoretical | about 1 month agoFeb 28, 2026 |
| CVE-2026-28558 | 5.1 | This vulnerability allows an attacker to execute malicious code in the web browsers of users who view their profile page by uploading a specially crafted SVG file as their avatar. To exploit this, the attacker must be an authenticated subscriber on the wpForo Forum platform. | gvectorswpforo forum | Theoretical | about 1 month agoFeb 28, 2026 |
| CVE-2026-28556 | 5.3 | This vulnerability allows authenticated users, like regular subscribers, to move, merge, or split any forum topics without needing moderator permissions, potentially relocating sensitive discussions to private areas. To exploit this, the attacker must have a valid form nonce, which means they need to be logged into the forum. | gvectorswpforo forum | Theoretical | about 1 month agoFeb 28, 2026 |
| CVE-2026-28555 | 5.3 | This vulnerability allows authenticated users, like regular subscribers, to close or reopen any topic in the wpForo forum, disrupting discussions. It requires the attacker to submit a valid security token along with the topic ID, bypassing the usual permissions needed for moderators. | gvectorswpforo forum | Theoretical | about 1 month agoFeb 28, 2026 |
| CVE-2026-28554 | 5.3 | This vulnerability allows authenticated users, like subscribers, to approve or unapprove any forum post without proper permissions, effectively bypassing moderation controls. To exploit this, an attacker just needs to be logged in and submit a valid request with the post ID they want to manipulate. | gvectorswpforo forum | Theoretical | about 1 month agoFeb 28, 2026 |
About Gvectors Wpforo forum Security
This page provides comprehensive security vulnerability tracking for Gvectors Wpforo forum. Our database includes all CVEs affecting this product, updated in real-time from official sources.
Each vulnerability listing includes detailed CVSS severity analysis, exploit availability status, AI-generated explanations, and direct links to official security patches and vendor advisories.
Security Recommendations
- • Always keep Wpforo forum updated to the latest version
- • Subscribe to security advisories from Gvectors
- • Monitor this page for new vulnerabilities affecting your version
- • Prioritize patching critical and high severity issues immediately