Multiple Cross-Site Scripting Vulnerabilities in ForumPress WP Forum Server Plugin
CVE-2012-6622

Currently unrated

Key Information:

Vendor: Wordpress
Status: Forumpress
Vendor: CVE Published:; 16 January 2014

Summary

The ForumPress WP Forum Server plugin has multiple cross-site scripting (XSS) vulnerabilities that could allow remote attackers to inject arbitrary web scripts or HTML. Specifically, these vulnerabilities can be exploited through the 'groupid' parameter during the edit group action and the 'usergroup_id' parameter during the edit user group action. This poses significant security risks to users of the plugin, emphasizing the necessity of updating to the latest version to maintain the integrity of web applications.

References

http://secunia.com/advisories/49155

third-party-advisoryx_refsource_SECUNIA

http://wordpress.org/extend/plugins/forum-server/changelog/

x_refsource_CONFIRM

https://plugins.trac.wordpress.org/changeset/532918

x_refsource_CONFIRM

Timeline

Vulnerability published
Jan 16, 2014
Vulnerability Reserved
Jan 16, 2014