Notifications

Clear all

Limited Support

Our support team is currently on holiday from December 25, 2025 to January 7, 2026, and replies may be delayed during this period.

We appreciate your patience and understanding while our team is away. Thank you for being part of the wpForo community!

Merry Christmas and Happy Holidays! 🎄

[Solved] Vulnerability found in 2.2.7

Bug Reports

Last Post by Jasper 2 years ago

5 Posts

3 Users

1 Reactions

1,114 Views

RSS

Posts: 29

Jasper

Topic starter

Dec 06, 2023 3:26 pm

(@jasper)

Eminent Member

Joined: 2 years ago

Defender Pro security plugin is continually picking this up over the last few updates:

#WordPress wpForo plugin <= 2.2.7 - Cross Site Request Forgery (CSRF) on Sign-out vulnerability
-Vulnerability type: Cross Site Request Forgery (CSRF)

Anything to worry about?

Topic Tags

4 Replies

Posts: 2600

dimalifragis

Dec 06, 2023 3:51 pm

(@dimalifragis)

Famed Member

Joined: 6 years ago

Real issue or not, if you have

Ninja Fireall for Wordpress, correctly configured

https://wordpress.org/plugins/ninjafirewall/

there is nothing to worry about. BE PROACTIVE.

1 Reply

Jasper

(@jasper)

Joined: 2 years ago

Eminent Member

Posts: 29

Dec 06, 2023 3:56 pm

Reply to

dimalifragis

@dimalifragis

I have server-side WAF as well as the Defender Pro firewall.

I think another might be overkill!

Posts: 10606

Robert

Admin

Dec 06, 2023 5:20 pm

(@robert)

Support Team

Joined: 10 years ago

@jasper,

This is a false positive report. This issue has been fixed in 2.2.3 version, however the problem report don't response to our emails and don't remove it. So this is a outdated wrong information.

In case you want to say thank you !)
We'd really appreciate and be thankful if you leave a good review on plugin page. This is the best way to say thank you to this project and support team.