Title: Security vulnerability
Last modified: October 31, 2025

---

# Security vulnerability

 *  Resolved [Robin W](https://wordpress.org/support/users/robin-w/)
 * (@robin-w)
 * [5 months, 2 weeks ago](https://wordpress.org/support/topic/security-vulnerability-199/)
 * Wordfence say the current version has security issues
 * [bbPress Notify <= 2.19.5 – Reflected Cross-Site Scripting](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/bbpress-notify-nospam/bbpress-notify-2195-reflected-cross-site-scripting)

Viewing 6 replies - 1 through 6 (of 6 total)

 *  Plugin Author [useStrict](https://wordpress.org/support/users/usestrict/)
 * (@usestrict)
 * [5 months, 2 weeks ago](https://wordpress.org/support/topic/security-vulnerability-199/#post-18703085)
 * Thanks. I’m looking into it.
 *  [rolfbly](https://wordpress.org/support/users/rolfbly/)
 * (@rolfbly)
 * [4 months, 4 weeks ago](https://wordpress.org/support/topic/security-vulnerability-199/#post-18728476)
 * Hi, any news on this? 
   Really Simple Security also triggers on this, saying in
   July “The bbPress Notify plugin for WordPress has a security vulnerability in
   versions up to 2.19.**5**“, which is the latest. However, RSS refers to [CVE-2025-49962](https://www.cve.org/CVERecord?id=CVE-2025-49962)
   which is from October updated 13 November, which mentions “bbPress Notify plugin
   <= 2.19.**4**“.
 *  Plugin Author [useStrict](https://wordpress.org/support/users/usestrict/)
 * (@usestrict)
 * [4 months, 4 weeks ago](https://wordpress.org/support/topic/security-vulnerability-199/#post-18728500)
 * I expect to have the fix out over the weekend.
 *  Plugin Author [useStrict](https://wordpress.org/support/users/usestrict/)
 * (@usestrict)
 * [4 months, 3 weeks ago](https://wordpress.org/support/topic/security-vulnerability-199/#post-18729819)
 * Hi [@robin-w](https://wordpress.org/support/users/robin-w/) ,
 * The vulnerabilities have been fixed in version 2.20.
 * Cheers,
   Vinny
 *  Thread Starter [Robin W](https://wordpress.org/support/users/robin-w/)
 * (@robin-w)
 * [4 months, 3 weeks ago](https://wordpress.org/support/topic/security-vulnerability-199/#post-18730441)
 * Thanks for that – much appreciated 🙂
 *  [rolfbly](https://wordpress.org/support/users/rolfbly/)
 * (@rolfbly)
 * [4 months, 3 weeks ago](https://wordpress.org/support/topic/security-vulnerability-199/#post-18730634)
 * +1 👍

Viewing 6 replies - 1 through 6 (of 6 total)

You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fsecurity-vulnerability-199%2F%3Foutput_format%3Dmd&locale=en_US)
to reply to this topic.

 * ![](https://ps.w.org/bbpress-notify-nospam/assets/icon-256x256.png?rev=3449133)
 * [bbPress Notify (No-Spam)](https://wordpress.org/plugins/bbpress-notify-nospam/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/bbpress-notify-nospam/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/bbpress-notify-nospam/)
 * [Active Topics](https://wordpress.org/support/plugin/bbpress-notify-nospam/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/bbpress-notify-nospam/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/bbpress-notify-nospam/reviews/)

 * 8 replies
 * 3 participants
 * Last reply from: [rolfbly](https://wordpress.org/support/users/rolfbly/)
 * Last activity: [4 months, 3 weeks ago](https://wordpress.org/support/topic/security-vulnerability-199/#post-18730634)
 * Status: resolved