SQL Injection Vulnerability in ForumPress WP Forum Server Plugin for WordPress
CVE-2012-6625

Currently unrated

Key Information:

Vendor

Wordpress
Status
Forumpress
Vendor
CVE Published:
16 January 2014

What is CVE-2012-6625?

The ForumPress WP Forum Server plugin for WordPress contains a SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands. This issue arises from improper validation of the 'groupid' parameter in the 'editgroup' action, potentially compromising the security of affected websites. It is crucial for users of the plugin to upgrade to version 1.7.4 or later to mitigate this risk.

References

http://wordpress.org/extend/plugins/forum-server/changelog/
x_refsource_CONFIRM
https://plugins.trac.wordpress.org/changeset/532918
x_refsource_CONFIRM
http://www.securityfocus.com/bid/53530
vdb-entryx_refsource_BID

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.