Vulnerability Details CVE-2012-6625
SQL injection vulnerability in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the groupid parameter in an editgroup action.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.062
EPSS Ranking 90.4%
CVSS Severity
CVSS v2 Score 7.5
References
- http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html
- http://wordpress.org/extend/plugins/forum-server/changelog/
- http://www.securityfocus.com/bid/53530
- https://plugins.trac.wordpress.org/changeset/532918
- http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html
- http://wordpress.org/extend/plugins/forum-server/changelog/
- http://www.securityfocus.com/bid/53530
- https://plugins.trac.wordpress.org/changeset/532918
Products affected by CVE-2012-6625
-
cpe:2.3:a:vasthtml:forumpress:1.0
-
cpe:2.3:a:vasthtml:forumpress:1.1
-
cpe:2.3:a:vasthtml:forumpress:1.2
-
cpe:2.3:a:vasthtml:forumpress:1.3
-
cpe:2.3:a:vasthtml:forumpress:1.4
-
cpe:2.3:a:vasthtml:forumpress:1.5
-
cpe:2.3:a:vasthtml:forumpress:1.5.1
-
cpe:2.3:a:vasthtml:forumpress:1.5.2
-
cpe:2.3:a:vasthtml:forumpress:1.6
-
cpe:2.3:a:vasthtml:forumpress:1.6.2
-
cpe:2.3:a:vasthtml:forumpress:1.6.3
-
cpe:2.3:a:vasthtml:forumpress:1.6.4
-
cpe:2.3:a:vasthtml:forumpress:1.6.5
-
cpe:2.3:a:vasthtml:forumpress:1.6.6
-
cpe:2.3:a:vasthtml:forumpress:1.6.7
-
cpe:2.3:a:vasthtml:forumpress:1.6.8
-
cpe:2.3:a:vasthtml:forumpress:1.6.9
-
cpe:2.3:a:vasthtml:forumpress:1.7
-
cpe:2.3:a:vasthtml:forumpress:1.7.1
-
cpe:2.3:a:vasthtml:forumpress:1.7.2
-
cpe:2.3:a:vasthtml:forumpress:1.7.3
-
cpe:2.3:a:vasthtml:forumpress:1.7.4