SQL Injection Vulnerabilities in Mingle Forum Plugin for WordPress
CVE-2013-0735
Currently unrated
Summary
The Mingle Forum plugin for WordPress, in versions prior to 1.0.34, contains multiple SQL injection vulnerabilities in the wpf.class.php file. These vulnerabilities permit remote attackers to execute arbitrary SQL commands by manipulating the id parameter in various actions such as viewtopic, remove_post, sticky, or closed, as well as in the postreply action to index.php. This can lead to unauthorized access to the database and compromise the application's integrity.