Neoforum Security & Risk Analysis

wordpress.org/plugins/neoforum

Neoforum is a full-fledged forum engine for WordPress, including all standard forum functionality.

0 active installs · v1.0 · PHP 7.2+ · WP 5.1+ · Updated May 22, 2019
Tags: community, forum, forum-plugin, forums, wordpress-forum-plugin
Score 41 · D · High Risk
CVEs total: 2
Unpatched: 2
Last CVE: Jan 10, 2026
Safety Verdict

Is Neoforum Safe to Use in 2026?

High Risk

Score 41/100

Neoforum carries significant security risk with 2 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

2 known CVEs · 2 unpatched · Last CVE: Jan 10, 2026 · Updated 6yr ago
Risk Assessment

The neoforum plugin v1.0 presents a concerning security posture despite some positive indicators. The presence of 4 unprotected AJAX handlers is a significant immediate risk, allowing potential unauthorized actions. The high number of unsanitized paths identified in taint analysis (35 high severity flows) directly correlates with the historical vulnerability types of XSS and SQL Injection, indicating persistent and likely exploitable weaknesses within the code. While the plugin does utilize nonce checks and capability checks, the low percentage of prepared SQL statements (4%) and properly escaped output (17%) suggests that even with these safeguards, malicious input could still lead to data compromise.

The vulnerability history, with 2 unpatched medium severity CVEs, further reinforces the notion that the plugin has a track record of security flaws, and the recent date of the last vulnerability suggests these issues are not being proactively addressed. The plugin has a moderate attack surface with 64 entry points. While there are no REST API routes or cron events that are unprotected, the unprotected AJAX handlers are a critical concern.

In conclusion, while neoforum v1.0 has some basic security practices in place, the significant number of unsanitized taint flows, the lack of widespread prepared SQL statements and output escaping, and a history of unpatched vulnerabilities paint a picture of a plugin that requires immediate attention. The unprotected AJAX handlers are a critical vulnerability that should be prioritized for remediation.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized paths in taint analysis
  • Low percentage of prepared SQL statements
  • Low percentage of properly escaped output
  • Unpatched CVEs (2 medium)
Vulnerabilities
2

Neoforum Security Vulnerabilities

CVEs by Year

2026: 2 CVEs · unpatched

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2026-24623 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Neoforum <= 1.0 - Reflected Cross-Site Scripting

Jan 10, 2026 · Unpatched

CVE-2026-24624 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Neoforum <= 1.0 - Authenticated (Administrator+) SQL Injection

Jan 10, 2026 · Unpatched
Code Analysis
Analyzed Mar 17, 2026

Neoforum Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 281 · 11 prepared
Unescaped Output: 397 · 81 escaped
Nonce Checks: 63
Capability Checks: 53
File Operations: 2
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

4% prepared · 292 total queries

Output Escaping

17% escaped · 478 total outputs
Data Flows
36 unsanitized

Data Flow Analysis

25 flows · 36 with unsanitized paths
neoforum_show_new_topic_fields (nf-includes\topics.php:390)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform; paths marked Unsanitized or Sanitized]
Attack Surface
4 unprotected

Neoforum Attack Surface

Entry Points: 64
Unprotected: 4

AJAX Handlers 63

auth · wp_ajax_neoforum_order_commit · nf-admin\functions.php:77
auth · wp_ajax_neoforum_close_forum · nf-admin\functions.php:116
auth · wp_ajax_neoforum_restrict_forum · nf-admin\functions.php:154
auth · wp_ajax_neoforum_delete_forum · nf-admin\functions.php:191
auth · wp_ajax_neoforum_create_forum · nf-admin\functions.php:207
auth · wp_ajax_neoforum_recalculate_forums · nf-admin\functions.php:224
auth · wp_ajax_neoforum_recalculate_users · nf-admin\functions.php:240
auth · wp_ajax_neoforum_create_section · nf-admin\functions.php:256
auth · wp_ajax_neoforum_edit_forum_title · nf-admin\functions.php:284
auth · wp_ajax_neoforum_edit_forum_descr · nf-admin\functions.php:307
auth · wp_ajax_neoforum_get_moderators · nf-admin\functions.php:340
auth · wp_ajax_neoforum_get_can_read · nf-admin\functions.php:341
auth · wp_ajax_neoforum_delete_moderators · nf-admin\functions.php:376
auth · wp_ajax_neoforum_delete_can_read · nf-admin\functions.php:377
auth · wp_ajax_neoforum_search_moderators · nf-admin\functions.php:411
auth · wp_ajax_neoforum_search_can_read · nf-admin\functions.php:412
auth · wp_ajax_neoforum_add_moderators · nf-admin\functions.php:484
auth · wp_ajax_neoforum_add_can_read · nf-admin\functions.php:490
auth · wp_ajax_neoforum_topic_restore · nf-admin\functions.php:612
auth · wp_ajax_neoforum_topic_eradicate · nf-admin\functions.php:627
auth · wp_ajax_neoforum_post_restore · nf-admin\functions.php:644
auth · wp_ajax_neoforum_post_eradicate · nf-admin\functions.php:658
auth · wp_ajax_neoforum_items_restore · nf-admin\functions.php:699
auth · wp_ajax_neoforum_items_eradicate · nf-admin\functions.php:735
auth · wp_ajax_neoforum_delete_all_trash · nf-admin\functions.php:750
auth · wp_ajax_neoforum_report_leave_post · nf-admin\functions.php:837
auth · wp_ajax_neoforum_report_delete_post · nf-admin\functions.php:864
auth · wp_ajax_neoforum_get_ban_menu · nf-admin\functions.php:888
auth · wp_ajax_neoforum_ban_user · nf-admin\functions.php:912
auth · wp_ajax_neoforum_unban_user · nf-admin\functions.php:931
auth · wp_ajax_neoforum_make_admin · nf-admin\functions.php:952
auth · wp_ajax_neoforum_remove_admin · nf-admin\functions.php:973
auth · wp_ajax_neoforum_search · nf-admin\functions.php:1097
auth · wp_ajax_neoforum_search_users · nf-admin\functions.php:1140
auth · wp_ajax_neoforum_theme_descr · nf-admin\functions.php:1153
auth · wp_ajax_neoforum_mark_as_read · nf-includes\forums.php:178
auth · wp_ajax_neoforum_edit_post · nf-includes\posts.php:443
auth · wp_ajax_neoforum_delete_attach · nf-includes\posts.php:470
auth · wp_ajax_neoforum_delete_post · nf-includes\posts.php:493
auth · wp_ajax_neoforum_delete_posts · nf-includes\posts.php:534
auth · wp_ajax_neoforum_move_posts · nf-includes\posts.php:579
auth · wp_ajax_neoforum_items_delete · nf-includes\posts.php:625
auth · wp_ajax_neoforum_delete_topic · nf-includes\topics.php:451
auth · wp_ajax_neoforum_close_topic · nf-includes\topics.php:472
auth · wp_ajax_neoforum_open_topic · nf-includes\topics.php:492
auth · wp_ajax_neoforum_approve_topic · nf-includes\topics.php:512
auth · wp_ajax_neoforum_unapprove_topic · nf-includes\topics.php:532
auth · wp_ajax_neoforum_sticky_topic · nf-includes\topics.php:552
auth · wp_ajax_neoforum_unsticky_topic · nf-includes\topics.php:572
auth · wp_ajax_neoforum_solved_topic · nf-includes\topics.php:592
auth · wp_ajax_neoforum_subscribe · nf-includes\topics.php:623
auth · wp_ajax_neoforum_unsubscribe · nf-includes\topics.php:653
auth · wp_ajax_neoforum_notsolved_topic · nf-includes\topics.php:673
auth · wp_ajax_neoforum_move_topic · nf-includes\topics.php:715
auth · wp_ajax_neoforum_get_new_topic_form · nf-includes\topics.php:747
auth · wp_ajax_neoforum_new_topic · nf-includes\topics.php:806
auth · wp_ajax_neoforum_get_forums · nf-includes\topics.php:897
auth · wp_ajax_neoforum_report · nf-includes\topics.php:924
auth · wp_ajax_neoforum_commit_report · nf-includes\topics.php:960
auth · wp_ajax_neoforum_save_contact · nf-includes\users.php:622
auth · wp_ajax_neoforum_save_avatar · nf-includes\users.php:681
auth · wp_ajax_neoforum_delete_avatar · nf-includes\users.php:704
auth · wp_ajax_neoforum_save_usercaption · nf-includes\users.php:736

Shortcodes 1

[neoforum] neoforum.php:77

WordPress Hooks 8

action · plugins_loaded · neoforum.php:47
action · in_admin_header · neoforum.php:82
action · admin_enqueue_scripts · neoforum.php:147
action · admin_menu · nf-admin\admin-panel.php:244
action · admin_init · nf-admin\settings.php:189
action · admin_init · nf-admin\settings.php:190
action · init · nf-includes\rewrites.php:20
filter · rewrite_rules_array · nf-includes\rewrites.php:21
Maintenance & Trust

Neoforum Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.0.25
Last updated: May 22, 2019
PHP min version: 7.2
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Neoforum Developer Profile

saeros1984

1 plugin · 0 total installs

Trust score: 53
Avg Security Score: 41/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Neoforum

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/neoforum/nf-admin/js/main-page.js
  • /wp-content/plugins/neoforum/nf-admin/js/forums.js
  • /wp-content/plugins/neoforum/nf-admin/js/trash.js
  • /wp-content/plugins/neoforum/nf-admin/js/users.js
  • /wp-content/plugins/neoforum/nf-admin/js/reports.js
Script Paths
  • nf-admin/js/main-page.js
  • nf-admin/js/forums.js
  • nf-admin/js/trash.js
  • nf-admin/js/users.js
  • nf-admin/js/reports.js
Version Parameters
  • neoforum_mainpage_js?ver=0.0.1
  • neoforum_forums_js?ver=0.0.1
  • neoforum_trash_js?ver=0.0.1
  • neoforum_users_js?ver=0.0.1
  • neoforum_reports_js?ver=0.0.1

HTML / DOM Fingerprints

CSS Classes
ne-container, ne-panel, ne-button, ne-b, ne-i, ne-u, ne-divider
Data Attributes
neoforum_doFormat
JS Globals
neoforum_globals
Shortcode Output
[neoforum]