wpForo Forum Information Disclosure Vulnerability in RSS Feed

Vulnerability

An information disclosure vulnerability exists in wpForo Forum version 2.4.14. This vulnerability allows unauthenticated users to access private and unapproved forum topics through the global RSS feed endpoint. The issue arises because the RSS feed can be requested without a specific forum ID, bypassing the privacy and status checks that would normally prevent such access.

Impact

Exploitation of this vulnerability allows unauthorized users to access sensitive forum content that is meant to be private or unapproved.

Remediation

Users can update to wpForo Forum version 2.4.16, which addresses this vulnerability by adding permission checks for post approval and topic management actions, and by fixing the RSS feed issue that exposed private and unapproved content.
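The flaw described under Vulnerability and the shape of check that closes it, as a simplified model added here. It is not wpForo's code, and every name and sample record in it is an assumption constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Topic:
    title: str
    forum_id: int
    approved: bool = True
    private: bool = False

# Constructed sample data (hypothetical); forum 2 is readable by members only.
MEMBERS_ONLY_FORUMS = {2}
TOPICS = [
    Topic("Welcome", 1),
    Topic("Pending spam review", 1, approved=False),
    Topic("Staff notes", 2),
    Topic("My support ticket", 1, private=True),
]

def can_view(topic, is_member):
    """Per-topic check: forum access, approval status, privacy flag.
    Simplification: private topics are kept out of feeds for everyone."""
    if topic.forum_id in MEMBERS_ONLY_FORUMS and not is_member:
        return False
    return topic.approved and not topic.private

def feed_flawed(forum_id=None, is_member=False):
    """Models the flaw: checks run only on the per-forum code path."""
    if forum_id is not None:
        return [t.title for t in TOPICS
                if t.forum_id == forum_id and can_view(t, is_member)]
    # Global feed: no forum ID, so the checks above are never reached.
    return [t.title for t in TOPICS]

def feed_checked(forum_id=None, is_member=False):
    """Corrected shape: every topic is checked, whatever the feed scope."""
    return [t.title for t in TOPICS
            if (forum_id is None or t.forum_id == forum_id)
            and can_view(t, is_member)]

if __name__ == "__main__":
    print("flawed global :", feed_flawed())
    print("checked global:", feed_checked())
```

After updating, the same comparison makes a useful regression check: the global feed fetched without a session should contain nothing that the per-forum feeds hide.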

Added: Feb 28, 2026, 10:19 PM
Updated: Feb 28, 2026, 10:19 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 2.5
exploitability: 8.3
remediation: 7.7
relevance: 3.3
threat: 0.0
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.