CVE-2026-28557 | gVectors wpForo Forum up to 2.4.15 AJAX wpforo_synch_roles authorization

A vulnerability has been found in gVectors wpForo Forum up to 2.4.15 and classified as critical. Affected is the function wpforo_synch_roles of the component AJAX Handler. The manipulation leads to missing authorization.

This vulnerability is documented as CVE-2026-28557. The attack can be initiated remotely. There is not any exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More