CVE-2008-0388

Name of the Vulnerable Software and Affected Versions WP-Forum plugin for WordPress version 1.7.4

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the user parameter in a showprofile action to the default URI.

Recommendations For WP-Forum plugin for WordPress version 1.7.4, consider updating to a newer version that addresses this issue, as using the user parameter in the affected API endpoint can pose a significant risk. As a temporary workaround, restrict access to the showprofile action to minimize the risk of exploitation.