wpForo Forum Missing Authorization Vulnerability in Topic Management Actions

Vulnerability

A missing authorization vulnerability has been identified in wpForo Forum version 2.4.14. This vulnerability allows authenticated subscribers to manipulate forum topics by moving, merging, or splitting them using specific form action handlers. Attackers with a valid form nonce can reorganize forum content arbitrarily, without needing moderator permissions, and can even transfer topics to private forums.

Impact

Exploitation of this vulnerability could lead to unauthorized manipulation of forum topics, allowing users to disrupt discussions or hide content from public view by moving topics to private forums.

Remediation

Users can update to wpForo Forum version 2.4.16, which includes added permission checks for topic management actions, to address this vulnerability.
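The pattern described above, where a valid nonce is accepted in place of a permission check, is shown here next to a handler that checks permissions. This is an added example, not wpForo's code or its patch: it assumes topics and forums are modelled as ordinary WordPress posts, and the action name example_move_topic and both function names are hypothetical.

```php
<?php
/**
 * Plugin Name: Example topic-move handler (added illustration, not wpForo code)
 *
 * Assumption: topics and forums are plain WordPress posts and a topic's forum
 * is its post_parent. The "example_move_topic" action name is hypothetical.
 */

// BEFORE: the nonce only proves the request came from a form rendered for this
// logged-in user (CSRF protection). Any subscriber who can load the form
// holds a valid nonce, so this handler authorizes nobody.
function example_move_topic_nonce_only() {
    check_admin_referer( 'example_move_topic' ); // dies on a bad nonce
    $topic_id = isset( $_POST['topic_id'] ) ? absint( $_POST['topic_id'] ) : 0;
    $forum_id = isset( $_POST['forum_id'] ) ? absint( $_POST['forum_id'] ) : 0;
    wp_update_post( array( 'ID' => $topic_id, 'post_parent' => $forum_id ) );
    wp_safe_redirect( wp_get_referer() ?: home_url() );
    exit;
}

// AFTER: same nonce check, then authorization on both objects in the request.
function example_move_topic_authorized() {
    check_admin_referer( 'example_move_topic' );
    $topic_id = isset( $_POST['topic_id'] ) ? absint( $_POST['topic_id'] ) : 0;
    $forum_id = isset( $_POST['forum_id'] ) ? absint( $_POST['forum_id'] ) : 0;

    // The caller must hold management rights over the topic being moved.
    if ( ! $topic_id || ! current_user_can( 'edit_post', $topic_id ) ) {
        wp_die( 'You are not allowed to move this topic.', '', array( 'response' => 403 ) );
    }
    // The caller must hold the same rights over the destination, so a topic
    // cannot be pushed into a private forum the caller does not manage.
    if ( ! $forum_id || ! current_user_can( 'edit_post', $forum_id ) ) {
        wp_die( 'You are not allowed to move topics into this forum.', '', array( 'response' => 403 ) );
    }

    wp_update_post( array( 'ID' => $topic_id, 'post_parent' => $forum_id ) );
    wp_safe_redirect( wp_get_referer() ?: home_url() );
    exit;
}

// Only the authorized handler is registered; the nonce-only one is kept for comparison.
add_action( 'admin_post_example_move_topic', 'example_move_topic_authorized' );
```

The same two checks apply to merge and split handlers: every topic or forum ID taken from the request needs its own permission check after the nonce is verified.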

Added: Feb 28, 2026, 10:20 PM
Updated: Feb 28, 2026, 10:20 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 0.6
exploitability: 5.4
remediation: 7.7
relevance: 3.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.