What is CVE-2026-28559?

wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status WHERE clauses that are only applied when a specific forum ID is present in the query.

What is the severity of CVE-2026-28559?

CVE-2026-28559 has a CVSS v3 score of 5.3, which is classified as Medium severity.

Is there an exploit available for CVE-2026-28559?

No known public exploits are currently available for CVE-2026-28559.

Is there a patch available for CVE-2026-28559?

No official patches have been released yet for CVE-2026-28559. Consider implementing workarounds or mitigations.

CVE-2026-28559 - CVE Details, Severity, and Analysis

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001

Vendor	Product
Gvectors	Wpforo Forum

CVE-2026-28559 - CVE Details, Severity, and Analysis | Strobes VI