PT-2014-2392 · WordPress · Forumpress Wp Forum Server

Lucidcrew · Published 2014-01-16 · Updated 2014-04-23 · CVE-2012-6623

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

ForumPress WP Forum Server plugin versions prior to 1.7.5

Description

The plugin contains a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the groupid parameter in an 'addforum' action to 'wp-admin/admin.php'.

Recommendations

For versions prior to 1.7.5, update to version 1.7.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the 'addforum' action in 'wp-admin/admin.php' to minimize the risk of exploitation. Avoid using the groupid parameter in the affected API endpoint until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2012-6623

Affected Products

Forumpress Wp Forum Server