#WordPress wpForo p...
Clear all

[Solved] #WordPress wpForo plugin

4 Posts
4 Users
1 Reactions
Posts: 1
Topic starter
New Member
Joined: 8 months ago


My security plugin tells me this

#WordPress wpForo plugin <= 2.2.5 - Cross Site Request Forgery (CSRF) on Sign-out vulnerability
-Vulnerability type: Cross Site Request Forgery (CSRF)
-No Update Available

I see in the previous updates it says it fixes it, but looks like its persistent.

What can we the users of the plugin do to avoid attacks?

Same with XXS?

3 Replies
Posts: 222
Reputable Member
Joined: 6 years ago

Well, according to the change log for version 2.2.5, this vulnerability was fixed.  So either the fix was ineffective, and they have discovered that it can still be exploited even after the fix, or they have not reviewed the new version enough to notice it was fixed.

So yeah, we must wait for the Developers to respond. Furthermore, I don't believe this is a severe vulnerability, as all they can do is log out a user from the site IF they get that user to click on a specifically crafted link. Correct me if I'm wrong, but I think that's all there is to it.

Posts: 406
Joined: 8 years ago



No real major issues were found. We have specifically released wpForo version 2.2.6, and we hope that the individuals who reported the vulnerabilities will confirm on their end that the status has been fixed.

1 Reply
Joined: 4 years ago

Famed Member
Posts: 2616

@blackraz IF we all use really some GOOD firewall (in PREPEND/ADVANCED mode), even IF issues exists, they are blocked. In ALL plugins, not just wpForo.

Use Ninja Firewall, and sleep at night.