WP-Safety

Ultimate Member – ForumWP forum integration Security & Risk Analysis

wordpress.org/plugins/um-forumwp

Integrate Ultimate Member with the forum plugin ForumWP.

500 active installs v2.1.9 PHP 7.0+ WP 5.5+ Updated Mar 3, 2025
communitydiscussionforumforums
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Ultimate Member – ForumWP forum integration Safe to Use in 2026?

Generally Safe

Score 92/100

Ultimate Member – ForumWP forum integration has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The static analysis of um-forumwp v2.1.9 reveals a generally positive security posture with no identified attack surface entry points, dangerous functions, or taint flows. The absence of file operations and external HTTP requests further reduces potential risks. However, a significant concern arises from the single SQL query which is not using prepared statements, indicating a potential for SQL injection vulnerabilities if user input is not meticulously sanitized before being passed to this query. Furthermore, the limited output escaping (only 54% properly escaped) suggests a risk of Cross-Site Scripting (XSS) vulnerabilities if dynamic content is not consistently escaped before rendering. The vulnerability history being completely clean is a strong positive indicator, suggesting the developers have a history of producing secure code. Despite the lack of known CVEs, the identified coding practices around SQL queries and output escaping necessitate attention to mitigate potential risks.

Key Concerns

  • SQL query not using prepared statements
  • Low percentage of properly escaped output
Vulnerabilities
None known

Ultimate Member – ForumWP forum integration Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Ultimate Member – ForumWP forum integration Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
18
21 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

0% prepared1 total queries

Output Escaping

54% escaped39 total outputs
Attack Surface

Ultimate Member – ForumWP forum integration Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 47
filterum_account_notifications_tab_enabledincludes\core\class-account.php:19
filterum_account_page_default_tabs_hookincludes\core\class-account.php:20
filterum_account_content_hook_notificationsincludes\core\class-account.php:21
actionum_post_account_updateincludes\core\class-account.php:23
filterum_admin_role_metaboxesincludes\core\class-forumwp-admin.php:20
filterum_is_ultimatememeber_admin_screenincludes\core\class-forumwp-admin.php:21
actionadd_meta_boxesincludes\core\class-forumwp-admin.php:23
actionum_admin_custom_restrict_content_metaboxesincludes\core\class-forumwp-admin.php:24
filterum_profile_completeness_roles_metabox_fieldsincludes\core\class-forumwp-admin.php:26
filterum_profile_completeness_get_progress_resultincludes\core\class-forumwp-permissions.php:21
filterum_profile_completeness_profile_progress_defaultsincludes\core\class-forumwp-permissions.php:22
filterfmwp_user_can_create_topicincludes\core\class-forumwp-permissions.php:24
filterfmwp_user_can_create_replyincludes\core\class-forumwp-permissions.php:25
filterfmwp_reply_disabled_reply_textincludes\core\class-forumwp-permissions.php:26
filterfmwp_create_topic_disabled_textincludes\core\class-forumwp-permissions.php:27
filterum_profile_tabsincludes\core\class-forumwp-profile.php:21
filterum_user_profile_tabsincludes\core\class-forumwp-profile.php:22
filterfmwp_user_display_nameincludes\core\class-forumwp-profile.php:24
filterfmwp_user_profile_linkincludes\core\class-forumwp-profile.php:26
filterum_user_profile_subnav_linkincludes\core\class-forumwp-profile.php:27
actionum_profile_content_forumwp_defaultincludes\core\class-forumwp-profile.php:31
actionum_profile_content_forumwp_topicsincludes\core\class-forumwp-profile.php:33
actionum_profile_content_forumwp_repliesincludes\core\class-forumwp-profile.php:34
actionum_profile_content_forumwp_subscriptionsincludes\core\class-forumwp-profile.php:35
actionum_profile_content_forumwp_bookmarksincludes\core\class-forumwp-profile.php:36
actionum_profile_content_forumwp_likesincludes\core\class-forumwp-profile.php:37
actionwp_enqueue_scriptsincludes\core\class-forumwp-profile.php:39
filterum_activity_global_actionsincludes\core\class-integrations.php:21
filterum_notifications_core_log_typesincludes\core\class-integrations.php:24
filterum_notifications_get_iconincludes\core\class-integrations.php:25
actionsave_postincludes\core\class-integrations.php:27
actionsave_postincludes\core\class-integrations.php:28
actionfmwp_before_restore_replyincludes\core\class-integrations.php:31
actionfmwp_after_restore_replyincludes\core\class-integrations.php:32
filterfmwp_subscription_notice_disabledincludes\core\class-integrations.php:40
filterplugins_loadedincludes\core\um-forumwp-init.php:30
filterum_call_object_ForumWPincludes\core\um-forumwp-init.php:32
filterum_settings_default_valuesincludes\core\um-forumwp-init.php:33
filterum_override_templates_scan_filesincludes\core\um-forumwp-init.php:35
filterum_override_templates_get_template_path__um-forumwpincludes\core\um-forumwp-init.php:36
actionplugins_loadedincludes\core\um-forumwp-init.php:172
actioninitum-forumwp.php:42
actionplugins_loadedum-forumwp.php:45
actionadmin_noticesum-forumwp.php:56
actionadmin_noticesum-forumwp.php:73
actionadmin_noticesum-forumwp.php:81
actionadmin_noticesum-forumwp.php:90
Maintenance & Trust

Ultimate Member – ForumWP forum integration Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedMar 3, 2025
PHP min version7.0
Downloads32K

Community Trust

Rating20/100
Number of ratings6
Active installs500
Alternatives

Ultimate Member – ForumWP forum integration Alternatives

Asgaros Forum

Asgaros Forum

asgaros-forum

B
76

Asgaros Forum is the best forum-plugin for WordPress! It comes with dozens of features in a beautiful design and stays simple and fast.

10K 12 CVEs
Simple:Press Forum

Simple:Press Forum

simplepress

A
90

The most versatile and feature-rich forum plugin for WordPress. Create unlimited forums with awesome features directly in your WordPress site.

300 10 CVEs
bbPress

bbPress

bbpress

A
91

bbPress is forum software for WordPress.

100K 6 CVEs
wpForo Forum

wpForo Forum

wpforo

B
76

Number one WordPress forum plugin. Full-fledged forum solution with modern and responsive forum design. Community builder WordPress forum plugin.

20K 34 CVEs
Discussion Board – WordPress Forum Plugin

Discussion Board – WordPress Forum Plugin

wp-discussion-board

A
96

Discussion Board is a simple, effective way to add a forum or discussion board to your site, helping you build and engage an active community.

2K 3 CVEs
Developer Profile

Ultimate Member – ForumWP forum integration Developer Profile

Mykyta Synelnikov

5 plugins · 29K total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Ultimate Member – ForumWP forum integration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/um-forumwp/assets/css/um-forumwp.css/wp-content/plugins/um-forumwp/assets/css/um-forumwp.min.css
Version Parameters
um-forumwp/assets/css/um-forumwp

HTML / DOM Fingerprints

CSS Classes
um-faicon-comments
Data Attributes
data-um-formdata-noncedata-userdata-form_id
JS Globals
UM_FORUMWP
REST Endpoints
/wp-json/um-forumwp/v1/topics/wp-json/um-forumwp/v1/replies/wp-json/um-forumwp/v1/subscriptions/wp-json/um-forumwp/v1/bookmarks/wp-json/um-forumwp/v1/likes/wp-json/um-forumwp/v1/profile/wp-json/um-forumwp/v1/notifications
Shortcode Output
[forumwp_topics][forumwp_replies][forumwp_new_topic][forumwp_new_reply]
FAQ

Frequently Asked Questions about Ultimate Member – ForumWP forum integration