WordPress Plugin Vulnerabilities

WP Forum Server 1.6.5 - index.php Multiple Parameter SQL Injection

Description

The WP Forum Server WordPress plugin was affected by an index.php Multiple Parameter SQL Injection security vulnerability.

Affects Plugins

Plugin icon
forum-server
No known fix

References

CVE
CVE-2011-1047
Exploitdb
16235

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Verified
No
WPVDB ID
dc568ad8-f8d8-4c2a-ae42-a4f68be4fb0a

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2025-01-18
Title
LTL Freight Quotes – Worldwide Express Edition < 5.0.21 - Unauthenticated SQL Injection
Published
2025-10-02
Title
WP Dispatcher <= 1.2.0 - Authenticated (Contributor+) SQL Injection
Published
2015-02-13
Title
Calendar by WD < 1.4.14 - Unauthenticated SQL Injection
Published
2025-09-09
Title
Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net < 1.117.6 - Authenticated (Contributor+) SQL Injection via order_by Parameter
Published
2022-10-03
Title
Blog2Social < 6.9.10 - Subscriber+ SQLi