WP-Safety

Forumax – AI Powered Advanced Community Forum Plugin Security & Risk Analysis

wordpress.org/plugins/bbp-core

Build powerful communities with Forumax. A fully standalone, feature-rich forum plugin with voting, private replies, and Elementor integration.

600 active installs v2.2.1 PHP 7.4+ WP 5.0+ Updated Feb 26, 2026
communitydiscussionforumforum-pluginvoting
98
A · Safe
CVEs total2
Unpatched0
Last CVEDec 24, 2025
Plugin page Download
Safety Verdict

Is Forumax – AI Powered Advanced Community Forum Plugin Safe to Use in 2026?

Generally Safe

Score 98/100

Forumax – AI Powered Advanced Community Forum Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Dec 24, 2025Updated 1mo ago
Risk Assessment

The overall security posture of bbp-core v2.2.1 appears to be generally good, with a significant majority of code signals indicating robust security practices. The absence of unprotected AJAX handlers, REST API routes without permission callbacks, critical or high severity taint flows, and file operations is highly encouraging. The extensive use of prepared statements for SQL queries and proper output escaping further reinforces this positive assessment. Nonce and capability checks are also present in a substantial number of instances.

However, there are notable areas for improvement. While the number of unprotected entry points is zero, the plugin does have an external HTTP request, which can sometimes be a vector for vulnerabilities if not handled with extreme care. The vulnerability history, despite having no currently unpatched CVEs, shows a past pattern of medium severity vulnerabilities related to Missing Authorization and Cross-site Scripting. The last recorded vulnerability date also suggests a recent history, which warrants ongoing vigilance.

In conclusion, bbp-core v2.2.1 demonstrates strong adherence to many security best practices, particularly in code execution paths and data sanitization. The strengths lie in its extensive use of security checks and prepared statements. The primary weaknesses revolve around the potential risks associated with the single external HTTP request and the historical trend of medium severity vulnerabilities, which necessitates continued monitoring and rapid patching of any future issues.

Key Concerns

  • External HTTP requests present
  • Past medium severity vulnerabilities
  • Bundled library Freemius v1.0 may be outdated
Vulnerabilities
2

Forumax – AI Powered Advanced Community Forum Plugin Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-68572medium · 5.3Missing Authorization

BBP Core <= 1.4.1 - Missing Authorization

Dec 24, 2025 Patched in 2.0.0 (14d)
CVE-2024-9896medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BBP Core – Expand bbPress powered forums with useful features <= 1.2.5 - Reflected Cross-Site Scripting via add_query_arg Parameter

Nov 1, 2024 Patched in 1.2.6 (1d)
Code Analysis
Analyzed Mar 16, 2026

Forumax – AI Powered Advanced Community Forum Plugin Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
14 prepared
Unescaped Output
217
1593 escaped
Nonce Checks
29
Capability Checks
54
File Operations
0
External Requests
1
Bundled Libraries
1

Bundled Libraries

Freemius1.0

SQL Query Safety

88% prepared16 total queries

Output Escaping

88% escaped1810 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
ajax_dismiss_content (includes\admin\notices\class-remote-notice-client.php:362)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Forumax – AI Powered Advanced Community Forum Plugin Attack Surface

Entry Points30
Unprotected0

AJAX Handlers 28

authwp_ajax_forumax_import_demo_dataincludes\admin\Demo_Importer.php:77
authwp_ajax_forumax_create_forumincludes\admin\menu\Create_Forum.php:11
authwp_ajax_forumax_create_subforumincludes\admin\menu\Create_Forum.php:60
authwp_ajax_forumax_create_topicincludes\admin\menu\Create_Topic.php:11
authwp_ajax_forumax_delete_forumincludes\admin\menu\Delete_Forum.php:11
authwp_ajax_forumax_delete_topicincludes\admin\menu\Delete_Topic.php:11
authwp_ajax_bbpc_notify_save_reviewincludes\admin\notices\asking-for-review.php:26
authwp_ajax_bbpcore_install_coreincludes\admin\notices\bbPress-required.php:106
authwp_ajax_bbpc_dismiss_offer_noticeincludes\admin\notices\offer.php:101
authwp_ajax_forumax_search_data_fetchincludes\ajax_actions.php:15
noprivwp_ajax_forumax_search_data_fetchincludes\ajax_actions.php:16
authwp_ajax_forumax_search_data_forumincludes\ajax_actions.php:113
noprivwp_ajax_forumax_search_data_forumincludes\ajax_actions.php:114
authwp_ajax_bbpc_get_forumsincludes\ajax_actions.php:180
authwp_ajax_forumax_loading_postincludes\ajax_actions.php:221
noprivwp_ajax_forumax_loading_postincludes\ajax_actions.php:222
authwp_ajax_forumax_open_postincludes\ajax_actions.php:345
noprivwp_ajax_forumax_open_postincludes\ajax_actions.php:346
authwp_ajax_forumax_loading_sort_postincludes\ajax_actions.php:469
noprivwp_ajax_forumax_loading_sort_postincludes\ajax_actions.php:470
authwp_ajax_sort_bbp_repliesincludes\bbpress-config.php:326
noprivwp_ajax_sort_bbp_repliesincludes\bbpress-config.php:327
authwp_ajax_forumax_ajax_forumincludes\Elementor\inc\forum-ajax.php:9
noprivwp_ajax_forumax_ajax_forumincludes\Elementor\inc\forum-ajax.php:10
authwp_ajax_bbpc_agreeincludes\features\bbp_voting\agree-disagree\actions.php:45
authwp_ajax_bbpc_disagreeincludes\features\bbp_voting\agree-disagree\actions.php:91
authwp_ajax_bbpress_post_vote_link_clickedincludes\features\bbp_voting\ajax.php:7
noprivwp_ajax_bbpress_post_vote_link_clickedincludes\features\bbp_voting\ajax.php:8

Shortcodes 2

[bbpc_geo_votings] includes\features\bbp_voting\agree-disagree\actions.php:222
[forumax_login_form] includes\login-form.php:67
WordPress Hooks 150
filterhide_freemius_powered_byforumax.php:65
actionadmin_initforumax.php:68
actionplugins_loadedforumax.php:101
actionafter_setup_themeforumax.php:102
filterplugin_row_metaforumax.php:105
actionadmin_initforumax.php:108
actionadmin_headforumax.php:116
actionadmin_noticesforumax.php:128
actionadmin_initforumax.php:346
actionadmin_noticesforumax.php:434
actionadmin_enqueue_scriptsincludes\admin\Admin_Assets.php:15
actionadmin_initincludes\admin\menu\Approve_Topic.php:8
actionadmin_initincludes\admin\menu\Approve_Topic.php:9
actionadmin_menuincludes\admin\Menu.php:20
actionadmin_enqueue_scriptsincludes\admin\notices\asking-for-review.php:4
actionadmin_noticesincludes\admin\notices\asking-for-review.php:17
actionadmin_noticesincludes\admin\notices\bbPress-required.php:82
actionadmin_initincludes\admin\notices\class-remote-notice-client.php:115
actionadmin_noticesincludes\admin\notices\class-remote-notice-client.php:118
actionadmin_noticesincludes\admin\notices\deactivate-other-forum-plugins.php:12
actionadmin_initincludes\admin\notices\deactivate-other-forum-plugins.php:45
actionadmin_noticesincludes\admin\notices\theme-compatibility.php:105
actionin_plugin_update_message-bbp-core/forumax.phpincludes\admin\notices\update-notice.php:74
actionplugins_loadedincludes\admin\notices\_notices.php:11
filteradmin_body_classincludes\Admin.php:7
filterbbp_show_lead_topicincludes\bbpress-config.php:13
actionwp_enqueue_scriptsincludes\bbpress-config.php:281
filterbbp_get_user_subscribe_linkincludes\bbpress-config.php:333
filterbbp_get_reply_revision_logincludes\bbpress-config.php:367
filterbbp_get_topic_revision_logincludes\bbpress-config.php:368
actioninitincludes\Blocks\Blocks_Register.php:44
filterblock_categories_allincludes\Blocks\Blocks_Register.php:45
actionenqueue_block_editor_assetsincludes\Blocks\Blocks_Register.php:46
filterthe_postsincludes\classes\Forumax_Forum_Class.php:30
actionbbp_new_topicincludes\classes\Forumax_Forum_Class.php:33
actionbbp_edit_topicincludes\classes\Forumax_Forum_Class.php:34
actionbbp_closed_topicincludes\classes\Forumax_Forum_Class.php:35
actionbbp_opened_topicincludes\classes\Forumax_Forum_Class.php:36
actionbbp_trash_topicincludes\classes\Forumax_Forum_Class.php:37
actionbbp_untrash_topicincludes\classes\Forumax_Forum_Class.php:38
actionbbp_deleted_topicincludes\classes\Forumax_Forum_Class.php:39
filterthe_postsincludes\classes\Forumax_Forum_Class.php:338
actionwidgets_initincludes\docy-core-compatibility.php:60
actionelementor/widgets/registerincludes\Elementor\Forumax_Widgets.php:10
actionelementor/elements/categories_registeredincludes\Elementor\Forumax_Widgets.php:13
actionelementor/editor/before_enqueue_scriptsincludes\Elementor\Forumax_Widgets.php:14
actionelementor/editor/after_enqueue_scriptsincludes\Elementor\Forumax_Widgets.php:20
filterexcerpt_lengthincludes\Elementor\inc\forum-topics\forum-topics-2.php:32
actionplugins_loadedincludes\features\bbp-private-replies.php:26
actionbbp_theme_before_reply_form_submit_wrapperincludes\features\bbp-private-replies.php:29
actionbbp_new_replyincludes\features\bbp-private-replies.php:32
actionbbp_edit_replyincludes\features\bbp-private-replies.php:33
filterbbp_get_reply_excerptincludes\features\bbp-private-replies.php:36
filterbbp_get_reply_contentincludes\features\bbp-private-replies.php:37
filterthe_contentincludes\features\bbp-private-replies.php:38
filterthe_excerptincludes\features\bbp-private-replies.php:39
filterbbp_subscription_mail_messageincludes\features\bbp-private-replies.php:42
filterpost_classincludes\features\bbp-private-replies.php:45
actionafter_setup_themeincludes\features\bbpc_attachments\code\admin.php:11
filterplugin_action_linksincludes\features\bbpc_attachments\code\admin.php:25
filterplugin_row_metaincludes\features\bbpc_attachments\code\admin.php:26
actionafter_setup_themeincludes\features\bbpc_attachments\code\class.php:27
actionbefore_delete_postincludes\features\bbpc_attachments\code\class.php:28
actionbefore_delete_postincludes\features\bbpc_attachments\code\class.php:29
actioninitincludes\features\bbpc_attachments\code\class.php:64
actioninitincludes\features\bbpc_attachments\code\class.php:65
actionbefore_delete_postincludes\features\bbpc_attachments\code\class.php:67
actionbbp_initincludes\features\bbpc_attachments\code\front.php:28
actionwp_enqueue_scriptsincludes\features\bbpc_attachments\code\front.php:42
actionbbp_theme_before_reply_form_submit_wrapperincludes\features\bbpc_attachments\code\front.php:44
actionbbp_theme_before_topic_form_submit_wrapperincludes\features\bbpc_attachments\code\front.php:45
actionbbp_edit_replyincludes\features\bbpc_attachments\code\front.php:47
actionbbp_edit_topicincludes\features\bbpc_attachments\code\front.php:48
actionbbp_new_replyincludes\features\bbpc_attachments\code\front.php:49
actionbbp_new_topicincludes\features\bbpc_attachments\code\front.php:50
filterbbp_get_reply_contentincludes\features\bbpc_attachments\code\front.php:52
filterbbp_get_topic_contentincludes\features\bbpc_attachments\code\front.php:53
actionbbp_theme_before_topic_titleincludes\features\bbpc_attachments\code\front.php:56
filterwp_save_post_revision_post_has_changedincludes\features\bbpc_attachments\code\front.php:232
actionafter_setup_themeincludes\features\bbpc_attachments\code\meta.php:9
actionadmin_initincludes\features\bbpc_attachments\code\meta.php:13
actionadmin_menuincludes\features\bbpc_attachments\code\meta.php:14
actionadmin_headincludes\features\bbpc_attachments\code\meta.php:15
actionsave_postincludes\features\bbpc_attachments\code\meta.php:17
actionmanage_topic_posts_columnsincludes\features\bbpc_attachments\code\meta.php:19
actionmanage_reply_posts_columnsincludes\features\bbpc_attachments\code\meta.php:20
actionmanage_topic_posts_custom_columnincludes\features\bbpc_attachments\code\meta.php:22
actionmanage_reply_posts_custom_columnincludes\features\bbpc_attachments\code\meta.php:23
actionafter_setup_themeincludes\features\bbp_attachments.php:6
actionplugins_loadedincludes\features\bbp_solved_topic.php:24
actionbbp_theme_before_reply_form_submit_wrapperincludes\features\bbp_solved_topic.php:27
actionbbp_theme_before_topic_form_submit_wrapperincludes\features\bbp_solved_topic.php:28
actionbbp_new_replyincludes\features\bbp_solved_topic.php:31
actionbbp_edit_replyincludes\features\bbp_solved_topic.php:32
actionbbp_new_topicincludes\features\bbp_solved_topic.php:35
actionbbp_edit_topicincludes\features\bbp_solved_topic.php:36
filterbbp_get_reply_excerptincludes\features\bbp_solved_topic.php:39
filterbbp_get_reply_contentincludes\features\bbp_solved_topic.php:40
filterbbp_theme_before_topic_titleincludes\features\bbp_solved_topic.php:42
filterbbp_topic_admin_linksincludes\features\bbp_solved_topic.php:43
actiontemplate_redirectincludes\features\bbp_solved_topic.php:45
filterpost_classincludes\features\bbp_solved_topic.php:48
actionbbp_theme_after_topic_contentincludes\features\bbp_voting\agree-disagree\actions.php:225
actionbbp_template_after_user_details_menu_itemsincludes\features\bbp_voting\agree-disagree\init.php:10
actionbbp_template_before_user_wrapperincludes\features\bbp_voting\agree-disagree\init.php:41
actionbbp_theme_after_topic_author_detailsincludes\features\bbp_voting\frontend.php:7
actionbbp_theme_after_reply_author_detailsincludes\features\bbp_voting\frontend.php:8
actionbbp_voting_cptincludes\features\bbp_voting\frontend.php:9
filterbbp_has_topics_queryincludes\features\bbp_voting\frontend.php:232
filterbbp_has_replies_queryincludes\features\bbp_voting\frontend.php:233
actioninitincludes\features\bbp_voting\frontend.php:352
filterbbp_show_lead_topicincludes\features\bbp_voting\frontend.php:355
actionbbp_new_topicincludes\features\bbp_voting\helpers.php:171
actionbbp_new_replyincludes\features\bbp_voting\helpers.php:172
actionadd_meta_boxesincludes\features\bbp_voting\metabox.php:7
actionsave_postincludes\features\bbp_voting\metabox.php:108
actioninitincludes\features\forumax_auto_close.php:14
actionfrmx_auto_close_stale_topicsincludes\features\forumax_auto_close.php:15
actionwp_enqueue_scriptsincludes\Frontend\Frontend_Assets.php:16
actionelementor/widgets/widgets_registeredincludes\Frontend\Frontend_Assets.php:17
filterbbp_after_get_the_content_parse_argsincludes\functions.php:66
actionbbp_template_redirectincludes\functions.php:269
actioncustomize_registerincludes\functions.php:284
filterregister_post_type_argsincludes\functions.php:364
filteruser_has_capincludes\functions.php:409
actionactivated_pluginincludes\functions.php:414
actionwidgets_initincludes\functions.php:448
actioninitincludes\functions.php:474
actionadmin_headincludes\functions.php:557
filtersidebars_widgetsincludes\functions.php:588
actionbbp_new_replyincludes\functions.php:690
actionbbp_deleted_replyincludes\functions.php:691
actionbbp_trash_replyincludes\functions.php:692
actionbbp_untrash_replyincludes\functions.php:693
actionbbp_spam_replyincludes\functions.php:694
actionbbp_unspam_replyincludes\functions.php:695
actionbbp_new_topicincludes\functions.php:696
actionbbp_deleted_topicincludes\functions.php:697
actionbbp_trash_topicincludes\functions.php:698
actionbbp_untrash_topicincludes\functions.php:699
actionbbp_spam_topicincludes\functions.php:700
actionbbp_unspam_topicincludes\functions.php:701
actionbbpc-resolved-topicsincludes\hooks\actions.php:3
actionwp_login_failedincludes\login-form.php:70
actionplugins_loadedincludes\sbv-compatibility.php:21
actionbbp_template_after_user_profileincludes\sbv-compatibility.php:31
actionafter_setup_themeincludes\template-functions.php:14
filterbbp_get_template_locationsincludes\template-functions.php:75
actionwidgets_initwidgets\widgets.php:8
actionadmin_enqueue_scriptswidgets\widgets.php:22

Scheduled Events 1

frmx_auto_close_stale_topics
Maintenance & Trust

Forumax – AI Powered Advanced Community Forum Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 26, 2026
PHP min version7.4
Downloads28K

Community Trust

Rating100/100
Number of ratings18
Active installs600
Alternatives

Forumax – AI Powered Advanced Community Forum Plugin Alternatives

Discussion Board – WordPress Forum Plugin

Discussion Board – WordPress Forum Plugin

wp-discussion-board

A
96

Discussion Board is a simple, effective way to add a forum or discussion board to your site, helping you build and engage an active community.

2K 3 CVEs
CM Answers – Discussion Forum Plugin for WordPress Q&A

CM Answers – Discussion Forum Plugin for WordPress Q&A

cm-answers

A
97

Discussion Forum Plugin for WordPress Q&A. Build engaging community forums with voting, moderation, notifications, and AI integration.

300 3 CVEs
wpForo Forum

wpForo Forum

wpforo

B
76

Number one WordPress forum plugin. Full-fledged forum solution with modern and responsive forum design. Community builder WordPress forum plugin.

20K 34 CVEs
Asgaros Forum

Asgaros Forum

asgaros-forum

B
76

Asgaros Forum is the best forum-plugin for WordPress! It comes with dozens of features in a beautiful design and stays simple and fast.

10K 12 CVEs
Ultimate Member – ForumWP forum integration

Ultimate Member – ForumWP forum integration

um-forumwp

A
92

Integrate Ultimate Member with the forum plugin ForumWP.

500 No CVEs
Developer Profile

Forumax – AI Powered Advanced Community Forum Plugin Developer Profile

Spider Themes

7 plugins · 14K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
109 days
View full developer profile
Detection Fingerprints

How We Detect Forumax – AI Powered Advanced Community Forum Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bbp-core/assets/admin/css/bbpress-forum-builder.css/wp-content/plugins/bbp-core/assets/frontend/css/bbpress-frontend.css/wp-content/plugins/bbp-core/assets/vendors/css/daterangepicker.css/wp-content/plugins/bbp-core/assets/vendors/js/moment.min.js/wp-content/plugins/bbp-core/assets/vendors/js/daterangepicker.min.js/wp-content/plugins/bbp-core/assets/vendors/js/bootstrap-select.min.js/wp-content/plugins/bbp-core/assets/vendors/js/select2.min.js/wp-content/plugins/bbp-core/assets/vendors/js/summernote-bs4.min.js+8 more
Script Paths
/wp-content/plugins/bbp-core/assets/vendors/js/moment.min.js/wp-content/plugins/bbp-core/assets/vendors/js/daterangepicker.min.js/wp-content/plugins/bbp-core/assets/vendors/js/bootstrap-select.min.js/wp-content/plugins/bbp-core/assets/vendors/js/select2.min.js/wp-content/plugins/bbp-core/assets/vendors/js/summernote-bs4.min.js/wp-content/plugins/bbp-core/assets/vendors/js/waypoints.min.js+6 more
Version Parameters
bbp-core/assets/admin/css/bbpress-forum-builder.css?ver=bbp-core/assets/frontend/css/bbpress-frontend.css?ver=bbp-core/assets/vendors/css/daterangepicker.css?ver=bbp-core/assets/vendors/js/moment.min.js?ver=bbp-core/assets/vendors/js/daterangepicker.min.js?ver=bbp-core/assets/vendors/js/bootstrap-select.min.js?ver=bbp-core/assets/vendors/js/select2.min.js?ver=bbp-core/assets/vendors/js/summernote-bs4.min.js?ver=bbp-core/assets/vendors/js/waypoints.min.js?ver=bbp-core/assets/vendors/js/jquery.counterup.min.js?ver=bbp-core/assets/vendors/js/chart.min.js?ver=bbp-core/assets/vendors/js/apexcharts.min.js?ver=bbp-core/assets/vendors/js/script.js?ver=bbp-core/assets/frontend/js/bbpress-frontend.js?ver=bbp-core/assets/admin/js/bbpress-forum-builder.js?ver=

HTML / DOM Fingerprints

CSS Classes
bbp-forum-builder-wrapbbp-forum-builder-contentbbp-elementor-widget-wrapperbbp-admin-wrapperbbp-forum-list-widget
HTML Comments
<!-- Smart bbPress nVerify compatibility layer --><!-- Docy Core compatibility layer (fixes Forums widget class not found error) --><!-- Core installer notice --><!-- Register Pro Widgets -->+6 more
Data Attributes
data-bbp-forum-iddata-bbp-topic-iddata-bbp-post-iddata-bbp-user-iddata-bbp-forum-slugdata-bbp-topic-slug+5 more
JS Globals
bbp_frontend_ajax_objectbbp_forum_builder_ajax_objectbbp_core_settingsbbp_core_varsbbp_core_localize
REST Endpoints
/wp-json/bbp-core/v1/forums/wp-json/bbp-core/v1/topics/wp-json/bbp-core/v1/posts/wp-json/bbp-core/v1/users
Shortcode Output
[bbp-forum-list][bbp-topic-list][bbp-post-list][bbp-user-profile]
FAQ

Frequently Asked Questions about Forumax – AI Powered Advanced Community Forum Plugin