ForumConverter Security & Risk Analysis

wordpress.org/plugins/forumconverter

Migrates a phpBB forum into a bbPress forum.

10 active installs v1.11 PHP + WP 3.2.1+ Updated Oct 14, 2011
Tags: bbpress, conversion, forum, phpbb
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is ForumConverter Safe to Use in 2026?

Generally Safe

Score 85/100

ForumConverter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 14yr ago
Risk Assessment

Static analysis of the "forumconverter" v1.11 plugin reveals significant security concerns, primarily in its handling of SQL queries and data sanitization. The plugin has no known CVEs, which is a positive indicator, but the code itself presents considerable risks. 100% of SQL queries do not use prepared statements, making the plugin highly vulnerable to SQL injection attacks. All analyzed taint flows (9 out of 9) have unsanitized paths, and all 9 are of high severity, which indicates a substantial risk that attackers can manipulate data or execute unintended operations by injecting malicious input. The lack of nonce checks and capability checks on potential entry points is also a major concern, as it leaves the plugin open to cross-site request forgery (CSRF) and unauthorized actions; the attack surface is reported as zero, but the taint analysis suggests otherwise. The plugin's history of no vulnerabilities is commendable, but it does not mitigate the serious risks identified in the current code analysis. The absence of proper output escaping on a majority of outputs (only 29% properly escaped) further compounds the risk, potentially leading to cross-site scripting (XSS) vulnerabilities.

Key Concerns

  • 100% of SQL queries not using prepared statements
  • 9 high severity unsanitized taint flows
  • 71% of output not properly escaped
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

ForumConverter Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

ForumConverter Release Timeline

v1.13
v1.12
v1.11 (Current)
v1.10
v1.09
v1.08
v1.07
v1.06
v1.05
v1.04
v1.03
v1.02
v1.01
v1.0
Code Analysis
Analyzed Mar 17, 2026

ForumConverter Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 121 (0 prepared)
Unescaped Output: 25 (10 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 10
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 121 total queries

Output Escaping

29% escaped · 35 total outputs
Data Flows · Security
9 unsanitized

Data Flow Analysis

9 flows · 9 with unsanitized paths
fc_forum_password (fc-forum-password.php:28)
[Data flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

ForumConverter Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 14
action  wp_authenticate  fc-auth.php:29
filter  the_password_form  fc-auth.php:30
action  admin_footer  fc-forum-password.php:26
action  save_post  fc-forum-password.php:51
filter  plugin_action_links  fc-main.php:27
action  admin_init  fc-options.php:19
action  admin_menu  fc-options.php:22
action  admin_head  fc-options.php:23
action  bp_after_profile_content  fc-sig-main.php:27
action  template_redirect  fc-sig-main.php:28
action  wp_footer  fc-sig-main.php:29
action  admin_footer  fc-sig-main.php:30
action  edit_user_profile_update  fc-sig-main.php:31
action  personal_options_update  fc-sig-main.php:32
Maintenance & Trust

ForumConverter Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.2.1
Last updated: Oct 14, 2011
PHP min version
Downloads: 13K

Community Trust

Rating: 20/100
Number of ratings: 1
Active installs: 10
Developer Profile

ForumConverter Developer Profile

Orson Teodoro

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect ForumConverter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/forumconverter/wp-pass-ex.php

HTML / DOM Fingerprints

CSS Classes
label, screen-reader-text
Data Attributes
name="forum_password", id="forum_password", name="forum_id"
JS Globals
jQuery
FAQ

Frequently Asked Questions about ForumConverter