5 matches found
CVE-2026-28556
wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split any forum topic via the topicmove, topicmerge, and topicsplit form action handlers. Attackers with a valid form nonce can reorganize arbitrary forum content without...
EUVD-2026-9105
wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split any forum topic via the topicmove, topicmerge, and topicsplit form action handlers. Attackers with a valid form nonce can reorganize arbitrary forum content without...
CVE-2026-28556
wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split any forum topic via the topicmove, topicmerge, and topicsplit form action handlers. Attackers with a valid form nonce can reorganize arbitrary forum content without...
CVE-2026-28556 wpForo Forum 2.4.14 Missing Authorization via Topic Management Form Handlers
wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split any forum topic via the topicmove, topicmerge, and topicsplit form action handlers. Attackers with a valid form nonce can reorganize arbitrary forum content without...
PT-2026-22477
Name of the Vulnerable Software and Affected Versions wpForo Forum version 2.4.14 Description An issue exists in wpForo Forum that allows authenticated subscribers to perform actions typically reserved for moderators. Specifically, attackers can move, merge, or split any forum topic using the top...