WordPress · Forumwp · CVE-2008-0388
**Name of the Vulnerable Software and Affected Versions**
WP-Forum plugin for WordPress version 1.7.4
**Description**
The issue allows remote attackers to execute arbitrary SQL commands via the `user` parameter in a `showprofile` action to the default URI.
**Recommendations**
If you run the WP-Forum plugin for WordPress version 1.7.4, consider updating to a newer version that addresses this issue, because the `user` parameter of the `showprofile` action poses a significant risk while the affected version is in use. As a temporary workaround, restrict access to the `showprofile` action to minimize the risk of exploitation.
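
While the workaround is in place, access logs can be reviewed for `showprofile` requests whose `user` value is not a plain number. The script below is an added example, not code from the plugin or from this advisory. It assumes combined-format access logs, that a legitimate `user` value is a decimal ID, and that the action name arrives as the value of some query parameter; the parameter name `action` and all log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_showprofile(target):
    """Return the offending `user` value if the request targets the
    showprofile action with a non-integer `user`, else None."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    # Assumption: the action name is the value of some query parameter.
    if not any("showprofile" in values for values in query.values()):
        return None
    for value in query.get("user", []):
        # Assumption: a legitimate `user` is a plain decimal user ID.
        if not re.fullmatch(r"\d{1,10}", value):
            return value
    return None

def scan(lines):
    """Yield (line_number, client, user_value) for each flagged log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        value = suspicious_showprofile(match.group(1))
        if value is not None:
            yield number, line.split(" ", 1)[0], value

# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2008:10:00:00 +0000] "GET /?page_id=5&action=showprofile&user=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Feb/2008:10:00:05 +0000] "GET /?page_id=5&action=showprofile&user=3%27 HTTP/1.1" 200 310',
    '198.51.100.7 - - [01/Feb/2008:10:00:09 +0000] "GET /?page_id=5&action=showprofile&user=abc HTTP/1.1" 200 310',
    '203.0.113.4 - - [01/Feb/2008:10:01:00 +0000] "GET /?page_id=5&action=viewforum&user=x HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, client, value in scan(SAMPLE_LOG):
        print(f"line {number}: {client} sent user={value!r}")
```

The same integer check can serve as an allow rule in a reverse proxy or WAF in front of the site until the plugin is updated.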