CVE-2026-28560 | gVectors wpForo Forum up to 2.4.15 json_encode cross site scripting

Inserito da Angelo Barbosa | Mar 1, 2026 | CVE

A vulnerability identified as problematic has been detected in gVectors wpForo Forum up to 2.4.15. Impacted is the function json_encode. The manipulation leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2026-28560. The attack is possible to be carried out remotely. No exploit exists.

You should upgrade the affected component.

CVE-2026-28560 | gVectors wpForo Forum up to 2.4.15 json_encode cross site scripting

Post correlati

CVE-2023-32874 | MediaTek MT6990 Modem IMS Stack out-of-bounds write (MOLY01161803)

CVE-2024-23727 | Kami Vision YI Smart up to 1.0.0_20231219 on Android WebViewActivity cross site scripting

CVE-2024-24332 | Totolink A3300R 17.0.0cu.557_B20221024 setUrlFilterRules url command injection

CVE-2024-37233 | Play.ht Plugin up to 3.6.4 on WordPress improper authentication