N/A
2026-04-21< 3.0.2
wpForo Forum < 3.0.2 - Missing Authorization
wpForo Forum
Minimum safe version
3.0.6
Update to 3.0.6 or later to address 48 fixable vulnerabilities
Latest available3.0.9 ✓⚠ 1 vulnerability has no fix
High 8.1
2026-04-20< 3.0.6
CVE-2026-6248
Medium 6.5
2026-04-17< 3.0.0
CVE-2026-4666
N/A
2026-02-10< 2.4.14
wpForo Forum <= 2.4.13 - Authenticated (Subscriber+) PHP Object Injection
N/A
2026-02-18< 2.4.15
wpForo Forum <= 2.4.14 - Unauthenticated Time-Based SQL Injection
N/A
2026-04-03< 2.4.17
wpForo Forum <= 2.4.16 - Authenticated (Subscriber+) Arbitrary File Deletion via Post Body
High 7.1
2026-04-11< 3.0.3
wpForo Forum <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion via 'data[body][fileurl]' Parameter
Medium 4.3
2026-02-28< 2.4.16
CVE-2026-28554
Medium 4.3
2026-02-28< 2.4.16
CVE-2026-28555
Medium 5.4
2026-02-28< 2.4.16
CVE-2026-28556
Medium 6.5
2026-02-28< 2.4.16
CVE-2026-28557
Medium 5.4
2026-02-28< 2.4.16
CVE-2026-28558
Medium 5.3
2026-02-28< 2.4.16
CVE-2026-28559
Medium 4.8
2026-02-28< 2.4.16
CVE-2026-28560
Medium 4.8
2026-02-28< 2.4.16
CVE-2026-28561
Critical 9.8 Unfixed
2026-02-28≤ 2.4.14
wpForo Forum 2.4.14 SQL Injection via Topics ORDER BY Parameter
High 7.5
2025-12-18< 2.4.11
CVE-2025-66070
High 7.5
2025-12-14< 2.4.13
CVE-2025-13126
Medium 6.5
2025-11-01< 2.4.10
CVE-2025-11740
High 7.5
2025-10-25< 2.4.9
wpForo Forum <= 2.4.8 - Unauthenticated SQL Injection via get_members Function
Medium 4.3
2025-09-03< 2.4.7
CVE-2025-58597
Medium 5.4
2025-07-10< 2.4.6
wpForo Forum <= 2.4.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Avatar
High 7.6
2025-04-04< 2.4.4
CVE-2025-31420
Medium 6.5
2025-02-28< 2.4.2
WordPress wpForo Forum Plugin <= 2.4.1 is vulnerable to Arbitrary File Download
High 8.1
2024-08-18< 2.3.5
CVE-2024-43288
High 7.5
2024-08-26< 2.3.5
CVE-2024-43289
Medium 6.5
2024-06-03< 2.3.4
WordPress wpForo Forum Plugin <= 2.3.3 is vulnerable to SQL Injection
Medium 6.5
2023-11-30< 2.2.4
CVE-2023-47872
High 7.3
2024-05-17< 2.2.4
CVE-2023-47868
High 7.1
2023-11-30< 2.2.9
CVE-2023-47870
Medium 4.3
2024-12-09< 2.2.6
CVE-2023-47869
Medium 4.3
2024-06-21< 2.1.0
CVE-2022-38055
Medium 6.1
2023-07-24< 2.1.9
CVE-2023-2309
High 8.8
2023-06-22< 2.1.8
WordPress wpForo Forum Plugin <= 2.1.7 is vulnerable to Local File Inclusion
N/A
< 2.1.0
WordPress wpForo Forum Plugin <= 2.0.9 is vulnerable to Other Vulnerability Type
High 7.1
2022-11-17< 2.1.0
CVE-2022-40192
Critical 9.9
2022-11-17< 2.1.0
CVE-2022-40200
Medium 5.4
2022-11-08< 2.0.6
CVE-2022-40632
Medium 6.3
2022-11-26< 2.0.6
wpForo Forum <= 2.0.5 - Insecure Direct Object Reference to Forum Privacy Change
Medium 5.4
2022-11-08< 2.0.6
CVE-2022-40205
N/A
2022-09-09< 2.0.6
CVE-2022-38144
Critical 9.8
2018-06-20< 1.4.13
WordPress wpForo Forum plugin <= 1.4.9 - Unauthenticated SQL Injection (SQLi) vulnerability
Medium 6.1
2018-06-20< 1.4.12
WordPress wpForo Forum plugin <= 1.4.11 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Critical 9.8
2019-06-19< 1.5.2
CVE-2018-16613
Medium 6.1
2020-06-15< 1.7.0
CVE-2019-19112
Medium 6.1
2020-06-15< 1.7.0
CVE-2019-19111
Medium 4.8
2020-06-15< 1.7.0
CVE-2019-19110
High 8.8
2020-06-15< 1.7.0
CVE-2019-19109
Medium 6.1
2021-07-06< 1.9.7
CVE-2021-24406