SQL Injection Vulnerability in Mingle Forum Plugin for WordPress
CVE-2012-5327

Currently unrated

Key Information:

Vendor: Wordpress
Status: Mingle-forum
Vendor: CVE Published:; 8 October 2012

Summary

Multiple SQL injection vulnerabilities exist in the Mingle Forum plugin for WordPress that allow remote authenticated users to manipulate database queries. This occurs through unvalidated parameters in actions such as delete_usergroups, add_user_togroup, and add_forum_submit, potentially leading to unauthorized access and data exposure. It is crucial for users of affected versions to update to the latest version to mitigate these risks.

References

http://wordpress.org/extend/plugins/mingle-forum/changelog/

x_refsource_CONFIRM

http://plugins.trac.wordpress.org/changeset?reponame=&new...

x_refsource_CONFIRM

http://packetstormsecurity.org/files/view/108915/wpmingle...

x_refsource_MISC

Timeline

Vulnerability published
Oct 8, 2012
Vulnerability Reserved
Oct 8, 2012