WordPress Plugin Vulnerabilities

bbPress <= 2.5.12 - Unauthenticated SQL Injection

Description

Requires anonymous posting option to be enabled and WordPress version < 4.8.3.

Affects Plugins

Plugin icon
bbpress
Fixed in 2.5.13

References

URL
https://blog.sucuri.net/2017/11/sql-injection-bbpress.html
URL
https://hackerone.com/reports/179920

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
4eb0f0ba-e3fb-479c-81b3-c27a78202be8

Timeline

Publicly Published
2017-11-13 (about 8 years ago)
Added
2017-11-14 (about 8 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2023-01-19
Title
Mapwiz <= 1.0.1 - Admin+ SQLi
Published
2014-08-01
Title
Related Sites 2.1 - Blind SQL Injection
Published
2023-01-23
Title
WP Review Slider < 12.2 - Subscriber+ SQLi
Published
2025-10-14
Title
WP Dashboard Chat <= 1.0.3 - Authenticated (Contributor+) SQL Injection via id
Published
2024-12-13
Title
WP Job Portal < 2.2.3 - Authenticated (Admin+) SQL Injection