Discussion Board – WordPress Forum Plugin Security & Risk Analysis

wordpress.org/plugins/wp-discussion-board

Discussion Board is a simple, effective way to add a forum or discussion board to your site, helping you build and engage an active community.

2K active installs v2.5.8 PHP 7.4+ WP 4.3+ Updated Jan 12, 2026
Tags: community, discussion-board, forum-plugin, support-forum, wordpress-forum

Score: 96 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Dec 28, 2025

Safety Verdict

Is Discussion Board – WordPress Forum Plugin Safe to Use in 2026?

Generally Safe

Score 96/100

Discussion Board – WordPress Forum Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Dec 28, 2025 · Updated 2mo ago

Risk Assessment

The "wp-discussion-board" plugin version 2.5.8 presents a mixed security posture. On the positive side, the code demonstrates good practices with 100% of SQL queries using prepared statements and a high percentage (88%) of output being properly escaped. The absence of critical or high severity taint flows, along with no findings of unsanitized paths, is also encouraging. However, there are significant concerns. The presence of an unprotected AJAX handler creates a direct entry point for potential unauthorized actions. Furthermore, the plugin has a history of medium severity vulnerabilities, including missing authorization, code injection, and general injection flaws. While there are currently no unpatched CVEs, this history suggests a recurring pattern of security weaknesses that could resurface.

Key Concerns

  • Unprotected AJAX handler
  • History of medium severity CVEs (Missing Auth, Injection)
  • Moderate percentage of unescaped output

Vulnerabilities 3

Discussion Board – WordPress Forum Plugin Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2025: 2 CVEs

Severity Breakdown

  • Medium: 3

3 total CVEs

CVE-2025-69023 · medium · 4.3 · Missing Authorization

Discussion Board <= 2.5.7 - Missing Authorization

Dec 28, 2025 · Patched in 2.5.8 (31d)

CVE-2025-8483 · medium · 6.3 · Improper Control of Generation of Code ('Code Injection')

Discussion Board – WordPress Forum Plugin <= 2.5.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

Oct 24, 2025 · Patched in 2.5.6 (1d)

CVE-2023-39161 · medium · 5.4 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Discussion Board <= 2.4.8 - Authenticated (Subscriber+) Content Injection

Jul 26, 2023 · Patched in 2.4.9 (181d)

Code Analysis
Analyzed Mar 16, 2026

Discussion Board – WordPress Forum Plugin Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 35 (253 escaped)
  • Nonce Checks: 7
  • Capability Checks: 6
  • File Operations: 0
  • External Requests: 3
  • Bundled Libraries: 1

Bundled Libraries

Select2

Output Escaping

88% escaped · 288 total outputs

Data Flows

All sanitized

Data Flow Analysis

4 flows

dismiss_notice_callback (includes\classes\admin\class-admin-notices.php:172)

Attack Surface

1 unprotected

Discussion Board – WordPress Forum Plugin Attack Surface

Entry Points: 15
Unprotected: 1

AJAX Handlers 5

auth wp_ajax_dismiss_notice includes\classes\admin\class-admin-notices.php:33
auth wp_ajax_ctdb_dismiss_notice includes\classes\admin\class-admin.php:39
auth wp_ajax_update_optout_status includes\classes\class-ct-db-notifications.php:33
auth wp_ajax_ajax_validation includes\classes\class-ct-db-registration.php:45
nopriv wp_ajax_ajax_validation includes\classes\class-ct-db-registration.php:46

Shortcodes 10

[discussion_board_form] includes\classes\class-ct-db-front-end.php:48
[discussion_topics] includes\classes\class-ct-db-front-end.php:49
[recent_discussion_topics] includes\classes\class-ct-db-front-end.php:50
[discussion_board_log_in_out] includes\classes\class-ct-db-front-end.php:51
[is_logged_in] includes\classes\class-ct-db-front-end.php:52
[not_logged_in] includes\classes\class-ct-db-front-end.php:53
[new_topic_button] includes\classes\class-ct-db-front-end.php:54
[discussion_board_login_form] includes\classes\class-ct-db-registration.php:48
[discussion_board_login_only] includes\classes\class-ct-db-registration.php:49
[discussion_board_registration_only] includes\classes\class-ct-db-registration.php:50

WordPress Hooks 98

action admin_menu includes\classes\admin\class-admin-getting-started.php:36
action admin_init includes\classes\admin\class-admin-getting-started.php:37
action admin_init includes\classes\admin\class-admin-license.php:58
action admin_notices includes\classes\admin\class-admin-license.php:127
action admin_notices includes\classes\admin\class-admin-license.php:139
action admin_notices includes\classes\admin\class-admin-license.php:151
action admin_notices includes\classes\admin\class-admin-notices.php:30
action admin_notices includes\classes\admin\class-admin-notices.php:31
action admin_notices includes\classes\admin\class-admin-notices.php:32
action admin_notices includes\classes\admin\class-admin-upgrades.php:51
action admin_menu includes\classes\admin\class-admin.php:30
action admin_init includes\classes\admin\class-admin.php:31
action admin_init includes\classes\admin\class-admin.php:32
action admin_init includes\classes\admin\class-admin.php:33
action admin_init includes\classes\admin\class-admin.php:34
action admin_init includes\classes\admin\class-admin.php:35
action admin_enqueue_scripts includes\classes\admin\class-admin.php:36
action admin_notices includes\classes\admin\class-admin.php:37
action admin_footer includes\classes\admin\class-admin.php:38
action show_user_profile includes\classes\admin\class-admin.php:40
action edit_user_profile includes\classes\admin\class-admin.php:41
filter plugin_action_links_wp-discussion-board/wp-discussion-board.php includes\classes\admin\class-admin.php:42
action wpdbd_load_assets includes\classes\admin\class-admin.php:44
action init includes\classes\class-bootstrap.php:40
action wp includes\classes\class-ct-db-front-end.php:33
action wp_head includes\classes\class-ct-db-front-end.php:35
filter the_content includes\classes\class-ct-db-front-end.php:37
filter get_comment_text includes\classes\class-ct-db-front-end.php:40
filter comments_template includes\classes\class-ct-db-front-end.php:41
filter comment_form_defaults includes\classes\class-ct-db-front-end.php:42
filter comment_form_default_fields includes\classes\class-ct-db-front-end.php:43
filter comment_reply_link includes\classes\class-ct-db-front-end.php:44
filter ctdb_filter_archive_content_end includes\classes\class-ct-db-front-end.php:45
filter ctdb_topics_form_before_submit includes\classes\class-ct-db-front-end.php:46
filter embed_oembed_discover includes\classes\class-ct-db-front-end.php:420
filter comment_form_field_comment includes\classes\class-ct-db-front-end.php:491
filter comment_form_submit_field includes\classes\class-ct-db-front-end.php:493
action transition_post_status includes\classes\class-ct-db-notifications.php:28
filter ctdb_filter_single_content_end includes\classes\class-ct-db-notifications.php:32
action comment_post includes\classes\class-ct-db-notifications.php:35
action transition_comment_status includes\classes\class-ct-db-notifications.php:36
filter wp_mail_content_type includes\classes\class-ct-db-notifications.php:230
filter wp_mail_content_type includes\classes\class-ct-db-notifications.php:267
filter wp_mail_content_type includes\classes\class-ct-db-notifications.php:290
filter wp_mail_content_type includes\classes\class-ct-db-notifications.php:312
filter wp_mail_content_type includes\classes\class-ct-db-notifications.php:335
filter wp_mail_content_type includes\classes\class-ct-db-notifications.php:349
filter wp_mail_content_type includes\classes\class-ct-db-notifications.php:368
filter body_class includes\classes\class-ct-db-public.php:29
action init includes\classes\class-ct-db-public.php:32
action init includes\classes\class-ct-db-public.php:34
action init includes\classes\class-ct-db-public.php:35
action wp_enqueue_scripts includes\classes\class-ct-db-public.php:37
action wp_head includes\classes\class-ct-db-public.php:38
filter show_admin_bar includes\classes\class-ct-db-public.php:147
action init includes\classes\class-ct-db-registration.php:35
action init includes\classes\class-ct-db-registration.php:36
action init includes\classes\class-ct-db-registration.php:37
action init includes\classes\class-ct-db-registration.php:38
action init includes\classes\class-ct-db-registration.php:39
filter the_content includes\classes\class-ct-db-registration.php:41
filter discussion_board_validate_recaptcha includes\classes\class-ct-db-registration.php:42
action wp_login_failed includes\classes\class-ct-db-registration.php:44
filter the_content includes\classes\class-ct-db-registration.php:1128
filter the_content includes\classes\class-ct-db-registration.php:1175
action init includes\classes\class-ct-db-skins.php:31
filter ctdb_filter_single_content_end includes\classes\class-ct-db-skins.php:33
filter comments_template includes\classes\class-ct-db-skins.php:37
filter ctdb_meta_fields includes\classes\class-ct-db-skins.php:39
filter ctdb_info_meta_after_author includes\classes\class-ct-db-skins.php:41
filter ctdb_info_meta_after_classic_meta includes\classes\class-ct-db-skins.php:42
filter single_template includes\classes\class-ct-db-template-loader.php:30
filter archive_template includes\classes\class-ct-db-template-loader.php:31
filter get_the_archive_title includes\classes\class-ct-db-template-loader.php:32
filter get_the_archive_description includes\classes\class-ct-db-template-loader.php:33
action init includes\classes\class-ct-db-user.php:30
action ctdb_open_wrapper_single includes\functions\functions-layout.php:87
action ctdb_close_wrapper_single includes\functions\functions-layout.php:100
action ctdb_open_wrapper_archive includes\functions\functions-layout.php:114
action ctdb_close_wrapper_archive includes\functions\functions-layout.php:128
action ctdb_email_admin_new_registration includes\functions\functions-registration.php:51
filter wp_mail_content_type includes\functions\functions-registration.php:71
filter wp_mail_content_type includes\functions\functions-registration.php:90
action ctdb_email_user_activation_key includes\functions\functions-registration.php:100
filter ctdb_author_name includes\functions\functions-user.php:66
filter get_comment_author_link includes\functions\functions-user.php:100
action customize_register includes\helpers\customizer.php:228
action customize_controls_enqueue_scripts includes\helpers\customizer.php:271
action wpdbd_init includes\helpers\deprecated.php:95
filter wpdbd_general_page_settings includes\helpers\deprecated.php:103
filter wpdbd_general_login_settings includes\helpers\deprecated.php:111
filter wpdbd_general_moderation_settings includes\helpers\deprecated.php:119
filter wpdbd_general_notification_settings includes\helpers\deprecated.php:127
filter wpdbd_filter_user_settings includes\helpers\deprecated.php:135
action plugins_loaded wp-discussion-board.php:55
action plugins_loaded wp-discussion-board.php:77
action in_plugin_update_message-wp-discussion-board/wp-discussion-board.php wp-discussion-board.php:88
action after_plugin_row_wp-discussion-board/wp-discussion-board.php wp-discussion-board.php:102

Maintenance & Trust

Discussion Board – WordPress Forum Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 12, 2026
PHP min version: 7.4
Downloads: 163K

Community Trust

Rating: 92/100
Number of ratings: 43
Active installs: 2K

Developer Profile

Discussion Board – WordPress Forum Plugin Developer Profile

Marketing Fire

4 plugins · 212K total installs

Trust score: 69
Avg Security Score: 85/100
Avg Patch Time: 643 days

Detection Fingerprints

How We Detect Discussion Board – WordPress Forum Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/wp-discussion-board/assets/css/lib/select2.min.css
  • /wp-content/plugins/wp-discussion-board/assets/js/lib/select2.min.js
  • /wp-content/plugins/wp-discussion-board/assets/js/settings.js
  • /wp-content/plugins/wp-discussion-board/assets/css/admin-style.css

Script Paths

  • /wp-content/plugins/wp-discussion-board/assets/js/lib/select2.min.js
  • /wp-content/plugins/wp-discussion-board/assets/js/settings.js
  • /wp-content/plugins/wp-discussion-board/assets/css/admin-style.css

Version Parameters

  • /wp-content/plugins/wp-discussion-board/assets/css/lib/select2.min.css?ver=
  • /wp-content/plugins/wp-discussion-board/assets/js/lib/select2.min.js?ver=
  • /wp-content/plugins/wp-discussion-board/assets/js/settings.js?ver=
  • /wp-content/plugins/wp-discussion-board/assets/css/admin-style.css?ver=

HTML / DOM Fingerprints

CSS Classes

  • ctdb-update-message

Data Attributes

  • data-ctdb-setting-id
  • data-ctdb-setting-label

JS Globals

  • config
  • ctdb_dismiss_notice

FAQ

Frequently Asked Questions about Discussion Board – WordPress Forum Plugin