SQL Injection Vulnerability in Mingle Forum Plugin for WordPress
CVE-2012-5328

Currently unrated

Key Information:

Vendor: Wordpress
Status: Mingle-forum
Vendor: CVE Published:; 8 October 2012

Summary

The Mingle Forum plugin for WordPress contains multiple SQL injection vulnerabilities that can be exploited by remote authenticated users. Attackers can execute arbitrary SQL commands through specific parameters such as memberid, groupid in removemember actions, the id parameter in fs-admin, or edit_forum_id in an edit_save_forum action. These vulnerabilities can potentially lead to unauthorized access to database information, making it vital for users to update to the patched version to safeguard their WordPress installations.

References

http://wordpress.org/extend/plugins/mingle-forum/changelog/

x_refsource_CONFIRM

http://plugins.trac.wordpress.org/changeset?reponame=&new...

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 8, 2012