Loading
wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforo_close_ajax handler. Attackers submit a valid nonce with an arbitrary topic ID to bypass the moderator permission requirement and disrupt forum discussions.
Use CWE-862, Gvectors vendor hub and Wpforo Forum product page to widen CVE-2026-28555 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2026-28562, CVE-2024-43289 and CVE-2026-28557 for nearby disclosures in the same product family.