Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.9 MEDIUM
CVE-2026-28559 — wpForo Forum 2.4.14 Information Disclosure via Global RSS Feed

wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers requ…

wpforo_forum | Remote | Information Disclosure
Feb 28, 2026 Mar 04, 2026
Feb 28, 2026
Mar 04, 2026
6.4 MEDIUM
CVE-2026-28558 — wpForo Forum 2.4.14 Stored XSS via SVG Avatar File Upload

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows authenticated subscribers to upload SVG files as profile avatars through the avatar upload functionality. Attacker…

wpforo_forum | Remote | Cross-Site Scripting
Feb 28, 2026 Mar 04, 2026
Feb 28, 2026
Mar 04, 2026
7.1 HIGH
CVE-2026-28557 — wpForo Forum 2.4.14 Privilege Escalation via Role Synchronization Handler

wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforo_synch_roles AJAX handler. Attackers …

wpforo_forum | Remote | Authorization
Feb 28, 2026 Mar 04, 2026
Feb 28, 2026
Mar 04, 2026
5.4 MEDIUM
CVE-2026-28556 — wpForo Forum 2.4.14 Missing Authorization via Topic Management Form Handlers

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split any forum topic via the topic_move, topic_merge, and topic_split form…

wpforo_forum | Remote | Authorization
Feb 28, 2026 Mar 04, 2026
Feb 28, 2026
Mar 04, 2026
5.3 MEDIUM
CVE-2026-28555 — wpForo Forum 2.4.14 Missing Authorization via Topic Close AJAX Handler

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforo_close_ajax handler. Attackers submit a valid…

wpforo_forum | Remote | Authorization
Feb 28, 2026 Mar 04, 2026
Feb 28, 2026
Mar 04, 2026
5.3 MEDIUM
CVE-2026-28554 — wpForo Forum 2.4.14 Missing Authorization via Post Approval AJAX Handler

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to approve or unapprove any forum post via the wpforo_approve_ajax AJAX handler. Attackers exp…

wpforo_forum | Remote | Authorization
Feb 28, 2026 Mar 05, 2026
Feb 28, 2026
Mar 05, 2026
Showing 20 of 5886 Results