6 versions available
Subscribe to connect and install
Preparation release for wpForo 3.0 AI Edition. Adds upgrade protection and admin notice about the upcoming major version. == Changelog == IMPORTANT NOTES for UPDATE - After the update, please delete all caches and purge CDN if you have - After the update, please flush Redis Object Cache if you have this cache enabled = wpForo Forum 2.4.16 - Last 2.x Version | 28.02.2026 = [Next wpForo Release - v3.0 Beta Release Summary](https://wpforo.com/community/wpforo-3-beta-test/wpforo-3-0-ai-edition-we-start-early-access-beta-program/) * New: Admin notice announcing wpForo 3.0 AI Edition with links to introduction and beta program * New: Auto-update protection — blocks automatic updates from 2.x to 3.x to prevent unattended major upgrades * New: Inline warning on Plugins page when wpForo 3.0 update is available * New: Auto-update toggle replaced with backup reminder when major version is pending * Security: Added permission checks for post approve/unapprove actions * Security: Added permission checks for topic close/open actions * Security: Added permission checks for topic move, merge, and split actions * Security: Added capability check for role synchronization * Security: Fixed RSS feed exposing private and unapproved content * Security: Fixed stored XSS via forum description output * Security: Blocked SVG file uploads in avatar to prevent XSS * Security: Replaced json_encode with wp_json_encode to prevent script injection = wpForo Forum 2.4.0 - 2.4.15 | 10.02.2026 = [wpForo Forum v2.4 Release Summary](https://wpforo.com/community/wpforo-announcements/wpforo-2-4-is-released/) * Version 2.4.15 * Security: Vulnerability - Unauthenticated Time-Based SQL Injection * --------- * Version 2.4.14 * Security: Vulnerability - Authenticated (Subscriber+) PHP Object Injection * --------- * Version 2.4.13 * Security: Vulnerability - Unauthenticated SQL Injection * --------- * Version 2.4.12 * Compatibility: PHP 8.5 * Compatibility: WordPress 6.9 * Security: Vulnerability - Unauthenticated SQL Injection * Fixed: Multi-language integration issues with Polylang * --------- * Version 2.4.11 * Security: Vulnerability - Unauthenticated Attacker to Post Revisions * --------- * Version 2.4.10 * Security: Vulnerability Authenticated (Susbscriber+) SQL Injection * Fixed Bug: PHP Error: array_filter(): Argument #1 ($array) must be of type array, string given in classes/Members.php:2032 * --------- * Version 2.4.9 * Security: Unauthenticated SQL Injection * Security: Object unserialize code injection * --------- * Version 2.4.8 * Added: New option in widgets to sort topics/posts randomly * Fixed Bug: Post editor text/object alignment issue * --------- * Version 2.4.7 * Removed: Unnecessary profile buttons of guest posters * Removed: HTML tags from category description * Security: Fixed IDOR vulnerability, Insecure Direct Object References * Addon Support: The rich editor is modified to allow aligning (left,right,center) gif and inline attachment objects * Addon Support: Supports displaying voters on poll result * Fixed Bug: PHP Error on the activation process of a user registration. Fatal error: Uncaught TypeError: array_intersect(): Argument #1 ($array) must be of type array, null given in /wp-content/plugins/wpforo/includes/hooks.php:37 * Fixed Bug: Missing user information in the admin email when user deletes own account * --------- * Version 2.4.6 * Security: Fixed XSS vulnerability, Stored Cross-Site Scripting * Updated: Hooks to manage the email sending test and error report in the tools * Fixed Bug: Text domain loading issue * Fixed Bug: Link RSS Module and RSS Settings to disable if the module is disabled * Fixed Bug: PHP Warning: Undefined array key max-number-value when wpForo is integrated with Profile Builder plugin. * --------- * Version 2.4.5 * Fixed Bug: Q&A forum layout threads issue on mobile devices * Fixed Bug: Warning: Trying to access array offset on null in ../functions-template.php * Fixed Bug: Missing field 'url' (in 'author') with DiscussionForumPosting structured data * Fixed Bug: Missing field 'name' (in 'comment.author') with DiscussionForumPosting structured data * --------- * Version 2.4.3 - 2.4.4 * Added: Discussion forum (DiscussionForumPosting) structured data for Google Search * Security: Fixed issue with manipulation and privilege escalation via hidden parameter * Fixed Bug: BuddyPress Integration problems related to deprecated functions * Fixed Bug: False positive spam file detection and notification in the dashboard * Fixed Bug: Problems related to PHP 8.4 * Fixed Bug: Issues with saving antispam settings * Fixed Bug: More robust solution for "Arbitrary File Reading" problem by changing `wp_remote_get()` function to `wp_safe_remote_get()` * --------- * Version 2.4.2 * Security: Unauthenticated Arbitrary File Read in update * Fixed Bug: In some cases user couldn't see own private topics * Fixed Bug: Problem with topic slugs containing negative number (-1234) * Fixed Bug: Issue with x.com URL in users profile pages * Fixed Bug: Forum tree displaying issue related the secondary user-groups cache * --------- *
Forum reaction extension for wpForo that enables members to express reactions to posts and discussions.
Extends wpForo forum plugin with advanced file attachment management, permissions, and storage controls for enhanced file sharing.
Addon that enables automatic embedding of external media content within wpForo forum posts and discussions.
Enables creation and management of custom user profile fields within wpForo forums for enhanced user data collection.
Integrates wpForo forums with WooCommerce Memberships to control forum access and features based on membership status.
Integrates wpForo forums with Paid Memberships Pro to restrict forum access and features based on membership levels.