Notifications

Clear all

Limited Support

Our support team is currently on holiday from December 25, 2025 to January 7, 2026, and replies may be delayed during this period.

We appreciate your patience and understanding while our team is away. Thank you for being part of the wpForo community!

Merry Christmas and Happy Holidays! 🎄

[Solved] wpForo Forum < 2.1.0 - Subscriber+ Arbitrary File Upload

How-to and Troubleshooting

Last Post by kirua78 3 years ago

5 Posts

2 Users

1 Reactions

1,977 Views

RSS

Posts: 3

kirua78

Topic starter

Nov 21, 2022 11:12 am

(@kirua78)

Active Member

Joined: 3 years ago

Hi,

I'am using wpforo in version 1.9.9.1 and the plugin is vulnerable as : https://wpscan.com/vulnerability/d54d5500-e034-4a4b-ab06-af2e84b7554b

Because of some custom code it is impossible to update the plugin for this time.

My question it is possible to disable the upload for subscriber user ? Or do anything that can fix the vuln ?

Thanks for your help

Topic Tags

file attachment file extensions

4 Replies

Posts: 3610

Chris

Nov 21, 2022 2:39 pm

(@chris)

Famed Member

Joined: 4 years ago

Hi @kirua78,

Navigate to Dashboard > wpForo > Settings > Spam Protection, and check Do not allow attaching files with following extensions field

In case you want to say thank you !)
We'd really appreciate and be thankful if you leave a good review on plugin page. This is the best way to say thank you to this project and support team.

Posts: 3

kirua78

Topic starter

Nov 21, 2022 3:46 pm

(@kirua78)

Active Member

Joined: 3 years ago

Hi Chris,

Thanks for your reply, but i dont have the setting spam protection, i need to install a specific addons ?

1 Reply

Chris

(@chris)

Joined: 4 years ago

Famed Member

Posts: 3610

Nov 22, 2022 1:35 pm

Reply to

kirua78

@kirua78,

You have spam protection in wpForo Settings, just look carefully and you will find it.

Or insert your domain in this path:

https://yourdomain/wp-admin/admin.php?page=wpforo-settings&wpf_tab=antispam

In case you want to say thank you !)
We'd really appreciate and be thankful if you leave a good review on plugin page. This is the best way to say thank you to this project and support team.

Posts: 3

kirua78

Topic starter

Nov 22, 2022 4:41 pm

(@kirua78)

Active Member

Joined: 3 years ago

Perfect, thanks for your help

RE: CloudFlare not showing wpforo widget updates

Thanks for getting back to me. Figured it out, in the L...

By PalKat , 2 hours ago
RE: AI Integration

Hi @robert Thank you very much for this information....

By reitonas , 4 hours ago
RE: Usergroups assigned at registration

Hi @saustin123 , I don't see why you think the "Job T...

By Robert , 2 days ago
RE: Problem avatar

Hi @pierre999 , For some reason Gravatar service has ...

By Robert , 2 days ago
RE: wpForo hooks, where to get documentation?

@cola, Sure, I'll ask our developers to contact you. ...

By Robert , 3 days ago
Re: No thank you page after registration

@forumlover, To set up a redirect after user registrat...

By wpForo Support , 3 days ago
RE: SPAM ATTACK!!!

Dear Cotner, Thank you for letting us know. We’ll d...

By Sofy , 4 days ago

15 Forums
14 K Topics
70.4 K Posts
100 Online
12.7 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed