CVE-2026-28561 — wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across m — CVE Database · The Intelligence Room