PT-2025-43725 · WordPress · Wpforo Forum

Michael Mazzolini · Published 2025-10-25 · Updated 2025-10-25 · CVE-2025-4203

CVSS v3.1
7.5
Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: wpForo Forum versions prior to 2.4.9
Description: The wpForo Forum plugin for WordPress is susceptible to error-based or time-based SQL Injection through the get_members() function. The cause is a lack of integer validation on the offset and row_count parameters: the function passes row_count through esc_sql() and interpolates it into a 'LIMIT offset,row_count' clause instead of ensuring the values are numeric. esc_sql() only neutralises quotes and backslashes for a quoted string context; LIMIT is a numeric context, so a payload that contains no quotes passes through unchanged and changes the shape of the statement. MySQL 5.x accepts a PROCEDURE ANALYSE clause after LIMIT (the clause was removed in MySQL 8.0, so this vector applies to 5.x servers), which unauthenticated attackers controlling row_count can use to append a PROCEDURE ANALYSE() call with arguments of their choosing. This enables error-based or time-based blind SQL injection and potentially the extraction of sensitive information from the database.
Recommendations: Update wpForo Forum to version 2.4.9 or later.
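The following is an added example, not code from wpForo or from this advisory: a Python model of the escape-then-interpolate pattern described above, placed beside a hardened version and a small review check. esc_sql() is re-implemented with mysqli_real_escape_string semantics; the table and column names and the payload are constructed for illustration and do not reflect the plugin's real schema or a real exploit string.

```python
import re

# Python model of WordPress esc_sql() (mysqli_real_escape_string semantics):
# backslash-escape quotes, backslashes, NUL, newlines and Ctrl-Z. It is a
# string-context escaper and never rejects bare words, spaces or parentheses.
_ESC_MAP = {"\\": "\\\\", "'": "\\'", '"': '\\"', "\0": "\\0",
            "\n": "\\n", "\r": "\\r", "\x1a": "\\Z"}

def esc_sql(value: str) -> str:
    return "".join(_ESC_MAP.get(ch, ch) for ch in value)

# Hypothetical table/column names; the real plugin's schema is not shown here.
_BASE_QUERY = "SELECT userid, user_login FROM wp_wpforo_profiles"

def vulnerable_limit_query(offset: str, row_count: str) -> str:
    """The pattern the advisory describes: escape, then interpolate unquoted
    into LIMIT. Because LIMIT is a numeric context, the escaper has nothing
    to neutralise and the shape of the statement is attacker-controlled."""
    return f"{_BASE_QUERY} LIMIT {esc_sql(offset)},{esc_sql(row_count)}"

def safe_limit_query(offset, row_count, max_rows: int = 100) -> str:
    """Hardened form: accept only canonical non-negative integers, with an
    upper bound on row_count, before they go anywhere near the statement.
    Stricter than a bare integer cast, which would silently accept '10 FOO'."""
    parts = []
    for name, raw, upper in (("offset", offset, None), ("row_count", row_count, max_rows)):
        text = str(raw)
        if not re.fullmatch(r"[0-9]{1,10}", text):
            raise ValueError(f"{name} must be a non-negative integer, got {text!r}")
        n = int(text)
        if upper is not None and n > upper:
            raise ValueError(f"{name} exceeds maximum {upper}")
        parts.append(n)
    return f"{_BASE_QUERY} LIMIT {parts[0]},{parts[1]}"

_LIMIT_TAIL = re.compile(r"\bLIMIT\s+[0-9]+\s*,\s*[0-9]+\s*$", re.IGNORECASE)

def limit_clause_is_numeric(sql: str) -> bool:
    """Review/detection helper: true only if the statement ends in a LIMIT
    clause made of two literal integers, i.e. nothing trails row_count."""
    return _LIMIT_TAIL.search(sql) is not None

if __name__ == "__main__":
    # Constructed payload: it contains no quotes, so esc_sql() returns it unchanged.
    payload = "10 PROCEDURE ANALYSE(1,1)"
    bad = vulnerable_limit_query("0", payload)
    print(bad)                              # ... LIMIT 0,10 PROCEDURE ANALYSE(1,1)
    print(limit_clause_is_numeric(bad))     # False
    print(safe_limit_query("0", "10"))      # ... LIMIT 0,10
    try:
        safe_limit_query("0", payload)
    except ValueError as exc:
        print("rejected:", exc)
```

The point the model makes is that the escaper is not wrong, it is the wrong tool: a numeric clause needs a type check (or a prepared statement with bound integer parameters), and any "escape then concatenate" pattern around LIMIT, ORDER BY or a column name deserves the same scrutiny during review. The limit_clause_is_numeric() check is a cheap way to flag such statements in logs or unit tests, since a legitimately built query never has anything after its two LIMIT integers.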

Weakness Enumeration: SQL injection

Related Identifiers: CVE-2025-4203

Affected Products: wpForo Forum