wpForo Forum Missing Authorization Vulnerability in Post Approval AJAX Handler

Vulnerability

A missing authorization vulnerability has been identified in wpForo Forum version 2.4.14. It allows authenticated subscribers to approve or unapprove any forum post through the wpforo_approve_ajax AJAX handler. The nonce check is the only validation the handler performs, so a user who submits a valid nonce along with an arbitrary post ID bypasses moderation controls.

Impact

Exploitation of this vulnerability allows for unauthorized approval or disapproval of forum posts, bypassing established moderation controls.

Remediation

Users are advised to update to wpForo Forum version 2.4.16, which includes permission checks for post approval actions.
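
The gap described above, next to the kind of permission check the fix adds, as an added example that is not wpForo's code. The hook name, the nonce action, the moderate_comments capability and example_set_post_status() are assumptions chosen for illustration.

```php
<?php
// Added illustration, not wpForo source. The action name, nonce action,
// capability and storage helper below are hypothetical.

// Hypothetical storage helper standing in for the forum's own post table.
function example_set_post_status( $post_id, $approved ) {
    update_option( "example_post_status_{$post_id}", $approved ? 'approved' : 'unapproved' );
}

// BEFORE: nonce only. A nonce ties the request to a session and an action
// (CSRF protection); it says nothing about what that user may do. Any
// logged-in user who holds a valid nonce can act on an arbitrary post ID.
function example_approve_ajax_nonce_only() {
    check_ajax_referer( 'example_approve', 'nonce' ); // dies on a bad nonce
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    example_set_post_status( $post_id, ! empty( $_POST['approve'] ) );
    wp_send_json_success();
}

// AFTER: the nonce still guards against CSRF, and a capability check
// decides whether this user may moderate at all.
function example_approve_ajax_hardened() {
    check_ajax_referer( 'example_approve', 'nonce' );

    // Assumed capability; subscribers do not hold it by default.
    if ( ! current_user_can( 'moderate_comments' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    if ( 0 === $post_id ) {
        wp_send_json_error( array( 'message' => 'Invalid post ID' ), 400 );
    }

    example_set_post_status( $post_id, ! empty( $_POST['approve'] ) );
    wp_send_json_success( array( 'post_id' => $post_id ) );
}

// wp_ajax_{action} fires for any logged-in user, subscribers included,
// so the handler itself has to enforce the permission.
add_action( 'wp_ajax_example_approve', 'example_approve_ajax_hardened' );
```

A forum plugin would normally check its own moderation permission for the forum the target post belongs to, rather than a site-wide capability.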

Added: Feb 28, 2026, 10:21 PM
Updated: Feb 28, 2026, 10:21 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 0.6
exploitability: 5.4
remediation: 7.7
relevance: 3.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.