Submit Changelog
Track Changelogs

wpForo Forum

Changelog

IMPORTANT NOTES for UPDATE

  • After the update, please delete all caches and purge CDN if you have
  • After the update, please flush Redis Object Cache if you have this cache enabled

wpForo Forum v3.0 Release Summary

wpForo Forum 3.0.5 | 13.04.2026

  • Security: Hardened sorting parameter validation
  • Fixed: PHP warning for undefined board locale property in Task Manager
  • Fixed: PHP warning for non-existent ram_cache method in AI Content Moderation
  • Fixed: AI Indexing admin page unnecessary auto-refresh when jobs queued for future

wpForo Forum 3.0.4 | 12.04.2026

  • Fixed: AI WordPress Content Indexing now works on hosts with disabled WP-Cron
  • Fixed: AI Content Indexing admin page performance on large forums
  • Fixed: Registration form losing field values when validation error occurs
  • Fixed: Spam protection flow issues, enabled ‘Can pass moderation’ allows new users to pass the moderation

wpForo Forum 3.0.3 | 10.04.2026

  • Security: Prevent arbitrary file deletion
  • New: Boxed Layout – Forum cover image is now fully clickable
  • New: AI Search – Quality signal boosting for better result ranking
  • New: AI Indexing – Progress tracking during local storage indexing
  • New: AI Indexing – Noise filtering to improve search quality
  • Improved: AI Topic Suggestions now respect forum access permissions
  • Improved: AI performance with optimized default quality settings
  • Improved: reCAPTCHA only loads on forum pages when needed
  • Fixed: Auto-indexing spinner showing endlessly on active forums
  • Fixed: Sticky topic icon priority in mixed layout mode
  • Fixed: Local semantic search relevance thresholds
  • Fixed: Empty forum access array causing search errors

wpForo Forum 3.0.2 | 08.04.2026

  • Fixed: Subscription Manager shows empty forum tree on multi-board installations
  • Fixed: Stale user permissions after switching boards on profile tabs
  • Fixed: Board switcher only works one direction on profile pages (multi-board)
  • Fixed: AI checkbox settings (chatbot_allowed_groups, bot_reply_includes) reset to defaults on every page load
  • Improved: AI Content Indexing admin page performance on large forums
  • Security: Prevent unauthenticated post disclosure via RecentPosts widget (Broken Access Control)

wpForo Forum 3.0.1 | 07.04.2026

  • Version 3.0.1
  • Fixed: Simplified and threaded forum layout issues on mobile screen
  • Fixed: reCAPTCHA v3 doesn’t work in some cases

wpForo Forum 3.0.0 | 06.04.2026

  • New Theme: 2026

    • New default theme – Modern, clean design with improved readability
    • Forum Layouts – Extended, Simplified, Threaded, and Boxed layout options
    • Members Page redesign – Improved member listing with better UX
    • Topic Tags widget – Restyled with clean flat designThreaded Layout improvements
    • New: Boxed Forum Layout

  • New Features

    • Recent Activity (What’s New) Page
    • Timeline-based activity feed showing forum actions
    • Configurable activity retention with daily cleanup cron
    • Mobile-responsive design
    • Access control for viewing activities
    • Delete button for moderators

  • Security & Spam Protection

    • reCAPTCHA v2 Invisible support
    • Less intrusive spam protectionreCAPTCHA v3 support
    • Score-based invisible protectionEnhanced flood protection
    • Time-window rate limiting to prevent spam floodsProper moderation log messages for flood protection

  • Forum Features

    • “Make All Topics Private” option
    • For Ticket/Support forums
    • Popular Tags
    • Now clickable with links to forum tag searchTop Contributors
    • Added usergroup, topics, and posts columnsAutofocus to search field
    • Improved search UXMulti-language support for members search

  • Widgets

    • Block widgets with improved functionality
    • New UI for Topic Tags widget with clean flat design

  • Performance Improvements

    • Static caching for wpforo_phrase()
    • Significant speed boost for English locale
    • Static caching for wpforo_is_bot() – Faster bot detection
    • Subscription status caching – Faster frontend loading
    • Semantic search caching – Avoid duplicate API calls
    • Translation caching with post invalidation

  • AI Features (wpForo AI)

    • Core AI Features
    • AI Chatbot – Conversational AI assistant with conversation management
    • AI Insights – Sentiment analysis, trending topics, and recommendations
    • Content Moderation – AI-powered spam detection with configurable actions
    • Topic Generator – Auto-generate discussion topics
    • Reply Generator – AI-assisted replies with 23 style options
    • Tag Maintenance – Automatic topic tagging
    • Topic Summary – Summarize long discussions

  • Search & Indexing

    • Semantic Search – Natural language search across forum content
    • Local & Cloud Storage – Choose where to store embeddings
    • Image Indexing – Multimodal RAG for Professional+ plans
    • WordPress Content Indexing – Index custom post types
    • Auto-indexing with configurable settings

  • Analytics

    • AI Usage Analytics – Track credit consumption
    • Forum Activity Analytics – Activity trends and statistics
    • User Engagement analytics
    • Content Performance analytics
    • AI Logs with filtering and detail view

  • Other AI Improvements

    • Bot Reply with tone and style options
    • Topic Suggestions with related topicsTranslation support
    • Activity retention settings
    • Multi-board support for analytics

  • Security: Unauthenticated SQL Injection via ‘referer’ Parameter

  • Security: Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via ‘guestposting’ Parameter

wpForo Forum 2.4.17 – Last 2.x Version | 15.03.2026

  • Security: Authenticated (Subscriber+) Arbitrary File Deletion

wpForo Forum 2.4.16 | 28.02.2026

  • New: Admin notice announcing wpForo 3.0 AI Edition with links to introduction and beta program
  • New: Auto-update protection — blocks automatic updates from 2.x to 3.x to prevent unattended major upgrades
  • New: Inline warning on Plugins page when wpForo 3.0 update is available
  • New: Auto-update toggle replaced with backup reminder when major version is pending
  • Security: Added permission checks for post approve/unapprove actions
  • Security: Added permission checks for topic close/open actions
  • Security: Added permission checks for topic move, merge, and split actions
  • Security: Added capability check for role synchronization
  • Security: Fixed RSS feed exposing private and unapproved content
  • Security: Fixed stored XSS via forum description output
  • Security: Blocked SVG file uploads in avatar to prevent XSS
  • Security: Replaced json_encode with wp_json_encode to prevent script injection

wpForo Forum 2.4.0 – 2.4.15 | 10.02.2026

wpForo Forum v2.4 Release Summary

  • Version 2.4.15
  • Security: Vulnerability – Unauthenticated Time-Based SQL Injection
  • ———
  • Version 2.4.14
  • Security: Vulnerability – Authenticated (Subscriber+) PHP Object Injection
  • ———
  • Version 2.4.13
  • Security: Vulnerability – Unauthenticated SQL Injection
  • ———
  • Version 2.4.12
  • Compatibility: PHP 8.5
  • Compatibility: WordPress 6.9
  • Security: Vulnerability – Unauthenticated SQL Injection
  • Fixed: Multi-language integration issues with Polylang
  • ———
  • Version 2.4.11
  • Security: Vulnerability – Unauthenticated Attacker to Post Revisions
  • ———
  • Version 2.4.10
  • Security: Vulnerability Authenticated (Susbscriber+) SQL Injection
  • Fixed Bug: PHP Error: array_filter(): Argument #1 ($array) must be of type array, string given in classes/Members.php:2032
  • ———
  • Version 2.4.9
  • Security: Unauthenticated SQL Injection
  • Security: Object unserialize code injection
  • ———
  • Version 2.4.8
  • Added: New option in widgets to sort topics/posts randomly
  • Fixed Bug: Post editor text/object alignment issue
  • ———
  • Version 2.4.7
  • Removed: Unnecessary profile buttons of guest posters
  • Removed: HTML tags from category description
  • Security: Fixed IDOR vulnerability, Insecure Direct Object References
  • Addon Support: The rich editor is modified to allow aligning (left,right,center) gif and inline attachment objects
  • Addon Support: Supports displaying voters on poll result
  • Fixed Bug: PHP Error on the activation process of a user registration. Fatal error: Uncaught TypeError: array_intersect(): Argument #1 ($array) must be of type array, null given in /wp-content/plugins/wpforo/includes/hooks.php:37
  • Fixed Bug: Missing user information in the admin email when user deletes own account
  • ———
  • Version 2.4.6
  • Security: Fixed XSS vulnerability, Stored Cross-Site Scripting
  • Updated: Hooks to manage the email sending test and error report in the tools
  • Fixed Bug: Text domain loading issue
  • Fixed Bug: Link RSS Module and RSS Settings to disable if the module is disabled
  • Fixed Bug: PHP Warning: Undefined array key max-number-value when wpForo is integrated with Profile Builder plugin.
  • ———
  • Version 2.4.5
  • Fixed Bug: Q&A forum layout threads issue on mobile devices
  • Fixed Bug: Warning: Trying to access array offset on null in ../functions-template.php
  • Fixed Bug: Missing field ‘url’ (in ‘author’) with DiscussionForumPosting structured data
  • Fixed Bug: Missing field ‘name’ (in ‘comment.author’) with DiscussionForumPosting structured data
  • ———
  • Version 2.4.3 – 2.4.4
  • Added: Discussion forum (DiscussionForumPosting) structured data for Google Search
  • Security: Fixed issue with manipulation and privilege escalation via hidden parameter
  • Fixed Bug: BuddyPress Integration problems related to deprecated functions
  • Fixed Bug: False positive spam file detection and notification in the dashboard
  • Fixed Bug: Problems related to PHP 8.4
  • Fixed Bug: Issues with saving antispam settings
  • Fixed Bug: More robust solution for “Arbitrary File Reading” problem by changing wp_remote_get() function to wp_safe_remote_get()
  • ———
  • Version 2.4.2
  • Security: Unauthenticated Arbitrary File Read in update
  • Fixed Bug: In some cases user couldn’t see own private topics
  • Fixed Bug: Problem with topic slugs containing negative number (-1234)
  • Fixed Bug: Issue with x.com URL in users profile pages
  • Fixed Bug: Forum tree displaying issue related the secondary user-groups cache
  • ———
  • Version 2.4.1
  • Compatibility: WordPress 6.7
  • Added: Request confirmation before deleting the account
  • Added: Email notification to admins when users delete their account
  • ———
  • Version 2.4.0
  • Added: Export and Import of settings. Allows you to export and import different groups of settings separately.
  • Added: Automatically change a post status to unapproved when an eligible user report it.
  • Added: reCAPTCHA to the [Add Topic] form in stand-alone topic creation page (/add-topic/)
  • SEO Optimization: Prevent indexing dynamic URLs with get parameters for when page is generated after selecting options in dropdown menus.
  • SEO Optimization: Added rel=”nofollow” to links in the user activity and favored pages.
  • Changed: Topic and post shortlinks previously showed a 404 error if the content was private or unapproved. Now, they redirect to the login page to authorize the user before displaying the content.
  • New Addon: wpForo – Advanced Reactions

Plugin Website
Visit website

Author
Tomdever
Version:
3.0.5
Last Updated
April 13, 2026
Active Installs
20000
Requires
WordPress 5.2
Tested Up To
WordPress 6.9.4
Requires PHP
7.1

Share Post

Join our newsletter.

Get insights into what’s happening at ChangelogWP right in your inbox. We don’t believe in spam.