wpForo Forum

Changelog

IMPORTANT NOTES for UPDATE

  • After the update, please delete all caches and purge the CDN if you have one
  • After the update, please flush Redis Object Cache if you have this cache enabled

wpForo Forum 2.4.16 – Last 2.x Version | 28.02.2026

Next wpForo Release – v3.0 Beta Release Summary

  • New: Admin notice announcing wpForo 3.0 AI Edition with links to introduction and beta program
  • New: Auto-update protection — blocks automatic updates from 2.x to 3.x to prevent unattended major upgrades
  • New: Inline warning on Plugins page when wpForo 3.0 update is available
  • New: Auto-update toggle replaced with backup reminder when major version is pending
  • Security: Added permission checks for post approve/unapprove actions
  • Security: Added permission checks for topic close/open actions
  • Security: Added permission checks for topic move, merge, and split actions
  • Security: Added capability check for role synchronization
  • Security: Fixed RSS feed exposing private and unapproved content
  • Security: Fixed stored XSS via forum description output
  • Security: Blocked SVG file uploads in avatar to prevent XSS
  • Security: Replaced json_encode with wp_json_encode to prevent script injection

wpForo Forum 2.4.0 – 2.4.15 | 10.02.2026

wpForo Forum v2.4 Release Summary

  • Version 2.4.15
  • Security: Vulnerability – Unauthenticated Time-Based SQL Injection
  • ———
  • Version 2.4.14
  • Security: Vulnerability – Authenticated (Subscriber+) PHP Object Injection
  • ———
  • Version 2.4.13
  • Security: Vulnerability – Unauthenticated SQL Injection
  • ———
  • Version 2.4.12
  • Compatibility: PHP 8.5
  • Compatibility: WordPress 6.9
  • Security: Vulnerability – Unauthenticated SQL Injection
  • Fixed: Multi-language integration issues with Polylang
  • ———
  • Version 2.4.11
  • Security: Vulnerability – Unauthenticated Attacker to Post Revisions
  • ———
  • Version 2.4.10
  • Security: Vulnerability – Authenticated (Subscriber+) SQL Injection
  • Fixed Bug: PHP Error: array_filter(): Argument #1 ($array) must be of type array, string given in classes/Members.php:2032
  • ———
  • Version 2.4.9
  • Security: Unauthenticated SQL Injection
  • Security: Object unserialize code injection
  • ———
  • Version 2.4.8
  • Added: New option in widgets to sort topics/posts randomly
  • Fixed Bug: Post editor text/object alignment issue
  • ———
  • Version 2.4.7
  • Removed: Unnecessary profile buttons of guest posters
  • Removed: HTML tags from category description
  • Security: Fixed IDOR vulnerability, Insecure Direct Object References
  • Addon Support: The rich editor is modified to allow aligning (left,right,center) gif and inline attachment objects
  • Addon Support: Supports displaying voters on poll result
  • Fixed Bug: PHP Error on the activation process of a user registration. Fatal error: Uncaught TypeError: array_intersect(): Argument #1 ($array) must be of type array, null given in /wp-content/plugins/wpforo/includes/hooks.php:37
  • Fixed Bug: Missing user information in the admin email when user deletes own account
  • ———
  • Version 2.4.6
  • Security: Fixed XSS vulnerability, Stored Cross-Site Scripting
  • Updated: Hooks to manage the email sending test and error report in the tools
  • Fixed Bug: Text domain loading issue
  • Fixed Bug: Link RSS Module and RSS Settings to disable if the module is disabled
  • Fixed Bug: PHP Warning: Undefined array key max-number-value when wpForo is integrated with Profile Builder plugin.
  • ———
  • Version 2.4.5
  • Fixed Bug: Q&A forum layout threads issue on mobile devices
  • Fixed Bug: Warning: Trying to access array offset on null in ../functions-template.php
  • Fixed Bug: Missing field ‘url’ (in ‘author’) with DiscussionForumPosting structured data
  • Fixed Bug: Missing field ‘name’ (in ‘comment.author’) with DiscussionForumPosting structured data
  • ———
  • Version 2.4.3 – 2.4.4
  • Added: Discussion forum (DiscussionForumPosting) structured data for Google Search
  • Security: Fixed issue with manipulation and privilege escalation via hidden parameter
  • Fixed Bug: BuddyPress Integration problems related to deprecated functions
  • Fixed Bug: False positive spam file detection and notification in the dashboard
  • Fixed Bug: Problems related to PHP 8.4
  • Fixed Bug: Issues with saving antispam settings
  • Fixed Bug: More robust solution for “Arbitrary File Reading” problem by changing wp_remote_get() function to wp_safe_remote_get()
  • ———
  • Version 2.4.2
  • Security: Unauthenticated Arbitrary File Read in update
  • Fixed Bug: In some cases user couldn’t see own private topics
  • Fixed Bug: Problem with topic slugs containing negative number (-1234)
  • Fixed Bug: Issue with x.com URL in users profile pages
  • Fixed Bug: Forum tree displaying issue related to the secondary user-groups cache
  • ———
  • Version 2.4.1
  • Compatibility: WordPress 6.7
  • Added: Request confirmation before deleting the account
  • Added: Email notification to admins when users delete their account
  • ———
  • Version 2.4.0
  • Added: Export and Import of settings. Allows you to export and import different groups of settings separately.
  • Added: Automatically change a post status to unapproved when an eligible user reports it.
  • Added: reCAPTCHA to the [Add Topic] form in stand-alone topic creation page (/add-topic/)
  • SEO Optimization: Prevent indexing of dynamic URLs with GET parameters when the page is generated after selecting options in dropdown menus.
  • SEO Optimization: Added rel="nofollow" to links in the user activity and favored pages.
  • Changed: Topic and post shortlinks previously showed a 404 error if the content was private or unapproved. Now, they redirect to the login page to authorize the user before displaying the content.
  • New Addon: wpForo – Advanced Reactions

wpForo Forum 2.3.0 – 2.3.5 | 01.08.2024

wpForo Forum v2.3 Release Summary

  • Version 2.3.5
  • Compatibility: WordPress 6.6
  • Changed: Display access title instead of the key in the forum access table
  • Fixed Bug: Issue with deleting own account
  • Fixed Bug: Vulnerability issue (Sensitive Data Exposure)
  • ———
  • Version 2.3.4
  • Fixed Bug: Vulnerability issue (SQL Injection by authenticated Contributor+ users)
  • Fixed Bug: Invisible replies in private topics
  • Fixed Bug: Prevent reCaptcha from being checked more than once
  • ———
  • Version 2.3.3
  • Changed: File naming logic of profile cover images
  • Changed: Ordering of forums and sub-forums in Threaded Layout
  • Changed: Using post’s short URL for [post_link] shortcode in email templates
  • Fixed Bug: Performance issue with large number of members
  • Fixed Bug: Permission issue with subscriptions and email notifications
  • ———
  • Version 2.3.2
  • Fixed Bug: Compatibility issue with some page builders
  • Fixed Bug: Dynamic Usergroup and User Role synchronization issues
  • Fixed Bug: Member search ordering issue (used by User Mentioning addon)
  • Fixed Bug: Custom values for max and minimum number of characters in the user password
  • ———
  • Version 2.3.1
  • Fixed Bug: Member search issue when using profile title
  • Fixed Bug: Usergroup and User Role synchronization issues
  • Fixed Bug: Editor focusing issue when using stickers and emojis
  • Fixed Bug: Permission issue for Authors to use Cross Posting addon
  • Fixed Bug: CSS Issue with the red circle notification on the admin bar
  • New Addon: wpForo – Groups Plugin Integration
  • ———
  • Version 2.3.0
  • Added: Option to change wpForo sidebar location (left or right)
  • Added: Red circle notification on the forum menu when there are unapproved posts
  • Added: Extended the max rating level to 14, use wpforo_max_rating_levels hook
    • PHP code snippet example:
    • add_filter('wpforo_max_rating_levels', function($count){return 14;});
  • Improved: Topic search and suggestion when creating a new topic
  • Fixed Bug: Last login is incorrectly displaying current time in Dashboard > Members
  • Fixed Bug: Database Error: Syntax error, unexpected ‘@’, when search words contain @
  • Fixed Bug: Database Error on duplication key in _wpforo_visits table
  • Fixed Bug: PHP Error: Trying to access array on null in /profile-subscriptions.php on line 18

wpForo Forum 2.2.0 – 2.2.10 | 03.01.2024

wpForo Forum v2.2 Release Summary

  • Version 2.2.10
  • Added: New hooks requested by many developers
  • Fixed Bug: Improved the init_current_object() function to avoid PHP errors
  • Fixed Bug: Fix wpforo_urlencode() to lowercase URLs carefully
  • New Addon: wpForo – User Mentioning
  • Addon Update: wpForo – User Custom Field – Added [wpforo-members] shortcode with user fields filters and sorting parameters
  • ———
  • Version 2.2.9
  • Added: Topic type classes to wrapper divs for better styling
  • Added: Classes to all dates in topics and posts
  • Fixed Bug: Vulnerable to Cross Site Request Forgery (CSRF)
  • Fixed Bug: PHP Fatal error when BuddyPress or Ultimate Member is deactivated
  • Fixed Bug: Emoji encoding issue to be saved in utf8mb4 database tables
  • Fixed Bug: rel="noindex,nofollow" to JS popup login and registration links
  • ———
  • Version 2.2.8
  • Added: Display subforums’ topics with the parent forum topics
  • Added: Can post and can listen to voice posting permissions
  • Fixed Bug: Fixed some font awesome icons
  • Fixed Bug: PHP Fatal Errors
  • Fixed Bug: Problems with options cache
  • New Addon: wpForo – Voice Posting
  • ———
  • Version 2.2.7
  • Improved: Forum search supports exact phrase search and boolean search:
    • For example: “search phrase” for exact phrase search
    • For example: +search +phrase for boolean search (“+” means AND)
    • For example: -“search phrase” for boolean search (“-” means NOT)
    • For example: search* for wildcard search
  • Added: rel="nofollow" to share buttons and links
  • Updated: Font Awesome to 6.5.1
  • Updated: Replaced Twitter share buttons with X, with icons and colors
  • Hooks: Added hooks to display user fields on posts and member list using wpForo User Custom Fields addon
  • ———
  • Version 2.2.6
  • Added: Detecting the timezone from the user’s browser if it’s not set in the account settings
  • Fixed Bug: Vulnerable to Cross Site Request Forgery (CSRF)
  • ———
  • Version 2.2.5
  • Compatibility: Adapted to old PHP 7.x versions to avoid PHP errors
  • Fixed Bug: Last post information on forum list
  • Fixed Bug: Forum participants avatars
  • Fixed Bug: Vulnerability to Content Injection
  • Fixed Bug: Vulnerable to Cross Site Request Forgery (CSRF)
  • Fixed Bug: PHP error / Syntax error, unexpected ‘|’, expected variable (T_VARIABLE))
  • Fixed Bug: PHP error / Typed property wpforo\classes\Cache::$dir must not be accessed before initialization
  • Fixed Bug: PHP error / Argument #2 ($haystack) must be of type array, null given in includes/hooks.php:1528
  • Fixed Bug: PHP error / Trying to access array offset on value of type null in themes/2022/layouts/2/post.php
  • Fixed Bug: Fatal error on user login and registration
  • ———
  • Version 2.2.4
  • Compatibility: WordPress 6.4
  • Added: Hook to control enabled activity types for BuddyPress integration
  • Added: Better performance of Simplified forum layout
  • Changed: Twitter to X, icons and labels
  • Fixed Bug: XSS vulnerability issue
  • Fixed Bug: User registration vulnerability
  • Fixed Bug: Validating uploaded avatar files
  • Fixed Bug: No way to select empty value for dropdown field
  • Fixed Bug: Fatal error: array_merge() argument #2 must be of type array, null given in wpforo/classes/Activity.php:217
  • ———
  • Version 2.2.3
  • Added: New hooks for activity editing and deleting methods
  • Added: Suggesting correct page for setting forum as the home page
  • Fixed Bug: Statistic issue on forum list of the Simplified Layout
  • Fixed Bug: Remove auto-generation of log files
  • Fixed Bug: 404 error when accessing URLs with postid in numeric permalink structure
  • New Addon: wpForo – Paid Memberships Pro Integration
  • ———
  • Version 2.2.2
  • Added: Increase max length of avatar URL field
  • Added: Synchronize user roles and usergroups when roles are updated
  • Fixed Bug: Issue with adding new forum access in non-latin languages
  • Fixed Bug: Secondary usergroups syncing issue with multiple user roles
  • New Addon: wpForo – MemberPress Integration
  • New Addon: wpForo – SureMembers Integration
  • ———
  • Version 2.2.1
  • Fixed Bug: PHP Error with Blog-Forum Cross Posting addon
  • Fixed Bug: Forum board pageid shows “not found” message for Forum Admin
  • Fixed Bug: Permission issue with editing of forum cover image
  • ———
  • Version 2.2.0
  • Compatibility: WordPress 6.3
  • Added: Button to copy a forum with all settings and permissions in dashboard
  • Added: Filter hook to change wpForo forum cache directory wpforo_cache_dir
  • Added: New email shortcodes [user_group_name], [user_secondary_group_names]
  • Added: Improved forum canonical URL generation and filtering unnecessary parts
  • Added: Flexible forum tag separator, hook to change wpforo_tag_separator
  • Added: Shortcode for activity, account, and other forum profile pages
    • For example [wpforo item="activity" id="1"], the id is a user ID
  • Fixed Bug: PHP Fatal error when disable following and subscriptions modules
  • Fixed Bug: Issue with arabic comma in topic tags
  • Fixed Bug: RTL issues with some font-awesome forum icons
  • Fixed Bug: RTL issues with forum tags

Author: Tomdever
Version: 2.4.16
Last Updated: February 28, 2026
Active Installs: 20000
Requires: WordPress 5.2
Tested Up To: WordPress 6.9.1
Requires PHP: 7.2
