Asgaros Forum Security & Risk Analysis

wordpress.org/plugins/asgaros-forum

Asgaros Forum is the best forum-plugin for WordPress! It comes with dozens of features in a beautiful design and stays simple and fast.

10K active installs · v3.3.0 · PHP 5.3+ · WP 4.9+ · Updated Nov 8, 2025
Tags: asgaros, community, discussion, forum, forums
Score: 76 · B · Generally Safe
CVEs total: 12
Unpatched: 0
Last CVE: Nov 11, 2025
Safety Verdict

Is Asgaros Forum Safe to Use in 2026?

Mostly Safe

Score 76/100

Asgaros Forum is generally safe to use. 12 past CVEs were resolved. Keep it updated.

12 known CVEs · Last CVE: Nov 11, 2025 · Updated 4mo ago
Risk Assessment

The Asgaros Forum plugin has a mixed security posture. Static analysis shows good practices: a high percentage of output is properly escaped and there is a decent number of nonce checks. The attack surface and taint analysis results are more concerning. The 2 unprotected REST API routes are a direct entry point for potential attackers, and the taint analysis highlights 5 high-severity flows with unsanitized paths, indicating a risk that malicious data is processed without adequate validation. The plugin also has a history of 12 known CVEs, including critical and high-severity vulnerabilities, with common types like Improper Authorization and SQL Injection. There are currently no unpatched vulnerabilities, but the past pattern suggests a recurring tendency for security flaws to be introduced, so caution and ongoing monitoring are necessary.

Key Concerns

  • Unprotected REST API routes
  • 5 high-severity taint flows
  • History of 2 critical CVEs
  • History of 4 high CVEs
  • SQL queries using prepared statements at 55%
Vulnerabilities
12

Asgaros Forum Security Vulnerabilities

CVEs by Year

  • 2021: 3 CVEs
  • 2022: 2 CVEs
  • 2023: 1 CVE
  • 2024: 2 CVEs
  • 2025: 4 CVEs

Severity Breakdown

  • Critical: 2
  • High: 4
  • Medium: 6

12 total CVEs

CVE-2025-12901 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Asgaros Forum <= 3.2.1 - Cross-Site Request Forgery to Subscription Settings Update

Nov 11, 2025 · Patched in 3.3.0 (1d)

CVE-2025-11452 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Asgaros Forum <= 3.1.0 - Unauthenticated SQL Injection

Nov 7, 2025 · Patched in 3.2.0 (1d)

CVE-2025-39514 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Asgaros Forum <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 16, 2025 · Patched in 3.3.0 (233d)

CVE-2025-32227 · medium · 4.3 · Improper Authorization

Asgaros Forum <= 3.0.0 - Authenticated (Subscriber+) Authorization Bypass

Apr 7, 2025 · Patched in 3.1.0 (207d)

CVE-2024-32440 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Asgaros Forum <= 2.8.0 - Cross-Site Request Forgery

Apr 12, 2024 · Patched in 2.9.0 (6d)

CVE-2024-22284 · critical · 9.8 · Deserialization of Untrusted Data

Asgaros Forum <= 2.7.2 - Unauthenticated PHP Object Injection in prepare_unread_status

Jan 16, 2024 · Patched in 2.8.0 (7d)

CVE-2023-5604 · medium · 6.6 · Unrestricted Upload of File with Dangerous Type

Asgaros Forum <= 2.7.0 - Insufficient Authorization to Authenticated (Admin+) Arbitrary File Upload

Dec 6, 2023 · Patched in 2.7.1 (48d)

CVE-2022-41608 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Asgaros Forum <= 2.1.0 - Cross-Site Request Forgery

Nov 9, 2022 · Patched in 2.2.0 (440d)

CVE-2022-0411 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Asgaros Forum < 2.0.0 - SQL Injection

Jan 31, 2022 · Patched in 2.0.0 (722d)

CVE-2021-25045 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Asgaros Forum <= 1.15.14 - Admin+ SQL Injection via forum_id

Dec 21, 2021 · Patched in 1.15.15 (763d)

CVE-2021-42365 · medium · 4.8 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Asgaros Forums <= 1.15.13 - Authenticated Stored Cross-Site Scripting

Nov 29, 2021 · Patched in 1.15.14 (785d)

CVE-2021-24827 · critical · 9.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Asgaros Forum <= 1.15.12 - Unauthenticated SQL Injection

Oct 11, 2021 · Patched in 1.15.13 (834d)

Code Analysis
Analyzed Mar 16, 2026

Asgaros Forum Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 100 · 82 prepared
Unescaped Output: 220 · 868 escaped
Nonce Checks: 29
Capability Checks: 4
File Operations: 9
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

45% prepared · 182 total queries

Output Escaping

80% escaped · 1088 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

8 flows · 8 with unsanitized paths
show_search_input (includes\forum-search.php:33)
Attack Surface
2 unprotected

Asgaros Forum Attack Surface

Entry Points: 5
Unprotected: 2

REST API Routes 2

POST /wp-json/asgaros-forum/v1/suggestions/mentioning/(?P<term>[a-zA-Z0-9-]+) includes\forum-mentioning.php:70
POST /wp-json/asgaros-forum/v1/reaction/(?P<post_id>\d+)/(?P<reaction>[a-zA-Z0-9-]+) includes\forum-reactions.php:69

Shortcodes 3

[forum] includes\forum-shortcodes.php:21
[Forum] includes\forum-shortcodes.php:22
[spoiler] includes\forum-spoilers.php:18
WordPress Hooks 134
action init admin\admin.php:17
action wp_loaded admin\admin.php:19
action admin_menu admin\admin.php:20
action admin_enqueue_scripts admin\admin.php:21
action edit_user_profile admin\admin.php:24
action show_user_profile admin\admin.php:25
action edit_user_profile_update admin\admin.php:26
action personal_options_update admin\admin.php:27
filter manage_users_columns admin\admin.php:30
action manage_users_custom_column admin\admin.php:31
action asgarosforum_breadcrumbs_activity includes\forum-activity.php:13
action init includes\forum-appearance.php:29
filter mce_css includes\forum-appearance.php:35
action wp_enqueue_scripts includes\forum-appearance.php:36
action wp_head includes\forum-appearance.php:37
action asgarosforum_breadcrumbs_unapproved includes\forum-approval.php:13
action asgarosforum_prepare_overview includes\forum-approval.php:14
action asgarosforum_prepare_overview includes\forum-approval.php:15
filter autoptimize_filter_js_exclude includes\forum-compatibility.php:25
action template_redirect includes\forum-compatibility.php:34
filter asgarosforum_title_separator includes\forum-compatibility.php:35
action template_redirect includes\forum-compatibility.php:78
filter asgarosforum_title_separator includes\forum-compatibility.php:79
filter rank_math/frontend/remove_credit_notice includes\forum-compatibility.php:85
action wp_head includes\forum-compatibility.php:86
action asgarosforum_execution_check includes\forum-compatibility.php:102
action asgarosforum_prepare includes\forum-compatibility.php:136
filter aioseo_disable includes\forum-compatibility.php:149
filter aiosp_disable includes\forum-compatibility.php:152
filter heateor_sss_target_share_url_filter includes\forum-compatibility.php:166
filter wp_sweep_excluded_termids includes\forum-compatibility.php:183
action init includes\forum-content.php:17
action wpmu_new_blog includes\forum-database.php:17
filter wpmu_drop_tables includes\forum-database.php:18
action wp_loaded includes\forum-database.php:19
filter mce_buttons includes\forum-editor.php:13
filter mce_buttons includes\forum-editor.php:14
filter mce_buttons_2 includes\forum-editor.php:15
filter mce_buttons_3 includes\forum-editor.php:16
filter mce_buttons_4 includes\forum-editor.php:17
filter disable_captions includes\forum-editor.php:18
filter tiny_mce_before_init includes\forum-editor.php:19
action asgarosforum_wp_head includes\forum-feed.php:13
action asgarosforum_bottom_navigation includes\forum-feed.php:14
action asgarosforum_prepare_topic includes\forum-feed.php:15
action asgarosforum_prepare_forum includes\forum-feed.php:16
action asgarosforum_prepare_members includes\forum-memberslist.php:17
action asgarosforum_breadcrumbs_members includes\forum-memberslist.php:18
action asgarosforum_enqueue_css_js includes\forum-mentioning.php:14
filter tiny_mce_before_init includes\forum-mentioning.php:15
action rest_api_init includes\forum-mentioning.php:16
action asgarosforum_prepare_subscriptions includes\forum-notifications.php:15
action asgarosforum_bottom_navigation includes\forum-notifications.php:16
action asgarosforum_breadcrumbs_subscriptions includes\forum-notifications.php:17
filter wp_mail_content_type includes\forum-notifications.php:485
action init includes\forum-online.php:23
action clear_auth_cookie includes\forum-online.php:24
action init includes\forum-permissions.php:14
action asgarosforum_prepare_profile includes\forum-permissions.php:15
filter manage_users_columns includes\forum-permissions.php:18
action manage_users_custom_column includes\forum-permissions.php:19
filter views_users includes\forum-permissions.php:22
action pre_user_query includes\forum-permissions.php:23
filter bulk_actions-users includes\forum-permissions.php:32
filter handle_bulk_actions-users includes\forum-permissions.php:33
action admin_notices includes\forum-permissions.php:34
action asgarosforum_editor_custom_content_bottom includes\forum-polls.php:13
action asgarosforum_after_add_topic_submit includes\forum-polls.php:14
action asgarosforum_after_edit_post_submit includes\forum-polls.php:15
action asgarosforum_prepare_topic includes\forum-polls.php:16
action asgarosforum_after_delete_topic includes\forum-polls.php:17
action init includes\forum-private.php:13
action asgarosforum_breadcrumbs_profile includes\forum-profile.php:13
action asgarosforum_breadcrumbs_history includes\forum-profile.php:14
action init includes\forum-reactions.php:15
action asgarosforum_prepare_topic includes\forum-reactions.php:16
action asgarosforum_prepare_post includes\forum-reactions.php:17
action rest_api_init includes\forum-reactions.php:18
action asgarosforum_breadcrumbs_reports includes\forum-reports.php:14
action asgarosforum_prepare_overview includes\forum-reports.php:15
filter rewrite_rules_array includes\forum-rewrite.php:24
filter redirect_canonical includes\forum-rewrite.php:25
action init includes\forum-search.php:15
action asgarosforum_breadcrumbs_search includes\forum-search.php:16
action init includes\forum-shortcodes.php:16
action init includes\forum-spoilers.php:13
action asgarosforum_prepare includes\forum-unread.php:15
action asgarosforum_prepare_markallread includes\forum-unread.php:16
action asgarosforum_prepare_topic includes\forum-unread.php:17
action asgarosforum_breadcrumbs_unread includes\forum-unread.php:18
action init includes\forum-uploads.php:17
action init includes\forum-usergroups.php:14
filter manage_users_columns includes\forum-usergroups.php:17
action manage_users_custom_column includes\forum-usergroups.php:18
action delete_user includes\forum-usergroups.php:19
filter views_users includes\forum-usergroups.php:22
action pre_user_query includes\forum-usergroups.php:23
action user_register includes\forum-usergroups.php:26
filter bulk_actions-users includes\forum-usergroups.php:34
filter handle_bulk_actions-users includes\forum-usergroups.php:35
action admin_notices includes\forum-usergroups.php:36
action widgets_init includes\forum-widgets.php:13
action wp includes\forum.php:203
action wp_enqueue_scripts includes\forum.php:204
filter body_class includes\forum.php:207
filter wp_title includes\forum.php:210
filter document_title_parts includes\forum.php:211
filter pre_get_document_title includes\forum.php:212
filter document_title_separator includes\forum.php:213
filter oembed_dataparse includes\forum.php:215
action delete_user_form includes\forum.php:218
action deleted_user includes\forum.php:219
action transition_post_status includes\forum.php:222
action load-post.php includes\forum.php:223
action load-post-new.php includes\forum.php:224
action add_meta_boxes includes\forum.php:2600
action save_post includes\forum.php:2601
filter mycred_all_references integrations\integration-mycred.php:7
filter mycred_setup_hooks integrations\integration-mycred.php:8
action mycred_load_hooks integrations\integration-mycred.php:9
action asgarosforum_after_add_topic_submit integrations\integration-mycred.php:81
action asgarosforum_before_delete_topic integrations\integration-mycred.php:85
action asgarosforum_after_add_post_submit integrations\integration-mycred.php:89
action asgarosforum_before_delete_post integrations\integration-mycred.php:93
action asgarosforum_after_add_reaction integrations\integration-mycred.php:97
action asgarosforum_after_update_reaction integrations\integration-mycred.php:98
action asgarosforum_after_add_reaction integrations\integration-mycred.php:102
action asgarosforum_after_update_reaction integrations\integration-mycred.php:103
action asgarosforum_after_post_author integrations\integration-mycred.php:107
action asgarosforum_profile_row integrations\integration-mycred.php:108
action asgarosforum_after_post_author integrations\integration-mycred.php:112
action asgarosforum_profile_row integrations\integration-mycred.php:113
action asgarosforum_after_post_author integrations\integration-mycred.php:117
action asgarosforum_profile_row integrations\integration-mycred.php:118
Maintenance & Trust

Asgaros Forum Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 8, 2025
PHP min version: 5.3
Downloads: 908K

Community Trust

Rating: 96/100
Number of ratings: 207
Active installs: 10K
Developer Profile

Asgaros Forum Developer Profile

Asgaros

1 plugin · 10K total installs

Trust score: 62
Avg Security Score: 76/100
Avg Patch Time: 337 days
Detection Fingerprints

How We Detect Asgaros Forum

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints
