SQL Injection Vulnerability in ForumPress WP Forum Server Plugin for WordPress
CVE-2012-6625

Currently unrated

Key Information:

Vendor: Wordpress
Status: Forumpress
Vendor: CVE Published:; 16 January 2014

Summary

The ForumPress WP Forum Server plugin for WordPress contains a SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands. This issue arises from improper validation of the 'groupid' parameter in the 'editgroup' action, potentially compromising the security of affected websites. It is crucial for users of the plugin to upgrade to version 1.7.4 or later to mitigate this risk.

References

http://wordpress.org/extend/plugins/forum-server/changelog/

x_refsource_CONFIRM

https://plugins.trac.wordpress.org/changeset/532918

x_refsource_CONFIRM

http://www.securityfocus.com/bid/53530

vdb-entryx_refsource_BID

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 16, 2014
Vulnerability Reserved
Jan 16, 2014