wpForo Forum Missing Authorization Vulnerability in Topic Management

Vulnerability

A missing authorization vulnerability has been identified in wpForo Forum version 2.4.14. This vulnerability allows authenticated subscribers to close or reopen any forum topic using the wpforo_close_ajax handler. By submitting a valid nonce along with an arbitrary topic ID, users can bypass the required moderator permissions, potentially disrupting ongoing forum discussions.

Impact

Exploitation of this vulnerability allows for unauthorized modification of forum topic statuses, which could disrupt discussions and community engagement.

Remediation

Users can update to wpForo Forum version 2.4.16, which includes added permission checks for topic management actions. After updating, it is recommended to delete all caches and purge the CDN if one is used.
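
The kind of permission check described above, shown as an added example that is not wpForo's code and not part of the original advisory: it models a topic as a WordPress post and closing it as closing the post's comments. The action name example_close_topic, the nonce action example_topic_action, and the topic_id and reopen request fields are assumptions.

```php
<?php
/**
 * Plugin Name: Example topic close handler (added illustration)
 *
 * Not wpForo code. A "topic" is modelled as a WordPress post and "closing"
 * it as closing its comments. The names example_close_topic and
 * example_topic_action and the request fields are assumptions.
 */

// Logged-in users only: no wp_ajax_nopriv_ hook is registered.
add_action( 'wp_ajax_example_close_topic', 'example_close_topic' );

function example_close_topic() {
	// 1. Nonce. Confirms the request originated from this site for this
	//    session (CSRF defence). Every logged-in user, subscribers included,
	//    can obtain a valid one, so passing this check grants nothing.
	check_ajax_referer( 'example_topic_action', 'nonce' );

	// 2. Input. The topic ID comes from the client and can name any topic.
	$topic_id = isset( $_POST['topic_id'] ) ? absint( $_POST['topic_id'] ) : 0;
	$topic    = $topic_id ? get_post( $topic_id ) : null;
	if ( ! $topic ) {
		wp_send_json_error( array( 'message' => 'Unknown topic.' ), 404 );
	}

	// 3. Authorization on that specific object. Omitting this step is the
	//    class of flaw described above: nonce valid, caller not a moderator.
	if ( ! current_user_can( 'edit_post', $topic_id ) ) {
		wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
	}

	// 4. State change, reached only by callers who passed steps 1 to 3.
	$status = empty( $_POST['reopen'] ) ? 'closed' : 'open';
	$result = wp_update_post(
		array( 'ID' => $topic_id, 'comment_status' => $status ),
		true
	);
	if ( is_wp_error( $result ) ) {
		wp_send_json_error( array( 'message' => $result->get_error_message() ), 500 );
	}
	wp_send_json_success( array( 'topic_id' => $topic_id, 'status' => $status ) );
}
```

With step 3 in place, a subscriber who presents a valid nonce and another user's topic ID receives a 403 response and the topic status is left unchanged.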

Added: Feb 28, 2026, 10:27 PM
Updated: Feb 28, 2026, 10:27 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 0.6
exploitability: 5.4
remediation: 7.7
relevance: 3.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.