PT-2025-43725 · WordPress · Wpforo Forum

Michael Mazzolini

·

Published

2025-10-25

·

Updated

2025-10-30

·

CVE-2025-4203

CVSS v3.1

7.5

High

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: wpForo Forum, versions prior to 2.4.9
Description: The wpForo Forum plugin for WordPress is vulnerable to error-based and time-based blind SQL injection through its get_members() function. The root cause is missing integer validation on the offset and row_count parameters: the function passes them through esc_sql() and interpolates the result into a 'LIMIT offset,row_count' clause. esc_sql() only escapes string delimiters (quotes, backslashes, NUL bytes), so it does nothing to a value that sits in an unquoted numeric position and contains no quotes. MySQL 5.x accepts a 'PROCEDURE ANALYSE' clause directly after LIMIT, so an unauthenticated attacker who controls row_count can append a call to that procedure and turn the query into an error-based or time-based blind injection, potentially extracting sensitive information from the database. MySQL 8.0 removed PROCEDURE ANALYSE, so the practical impact on a given site depends on the database server behind it; the code defect is present regardless and should be patched.
Recommendations: Update wpForo Forum to version 2.4.9 or later. Check the installed version on the WordPress Plugins screen; any version below 2.4.9 is affected.
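The following is an added example, not code from the wpForo project or from this advisory. It models in Python why the escaping described above fails and what the integer-validation fix changes: esc_sql() is modeled on mysqli_real_escape_string(), which WordPress esc_sql() delegates to; absint() is modeled on PHP's (int) cast followed by abs(); the table name and the query shape are assumptions for illustration only. The appended PROCEDURE ANALYSE() call is the generic shape the advisory describes, not a working payload.

```python
import re

# Characters that mysqli_real_escape_string() backslash-escapes. WordPress
# esc_sql() delegates to it, so this is a faithful model for plain strings.
# Digits, spaces, parentheses and identifiers are never touched.
_ESCAPES = {
    "\0": "\\0", "\n": "\\n", "\r": "\\r", "\\": "\\\\",
    "'": "\\'", '"': '\\"', "\x1a": "\\Z",
}

# Assumed table name, for illustration only (not taken from the plugin).
BASE_QUERY = "SELECT * FROM wp_wpforo_profiles"


def esc_sql(value: str) -> str:
    """Model of WordPress esc_sql(): neutralises string delimiters only."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def absint(value: str) -> int:
    """Model of PHP (int) cast followed by abs(), i.e. WordPress absint().
    The leading integer is kept, anything after it is discarded, and
    non-numeric input becomes 0."""
    m = re.match(r"\s*([+-]?\d+)", value)
    return abs(int(m.group(1))) if m else 0


def build_query_vulnerable(offset: str, row_count: str) -> str:
    """The pre-2.4.9 pattern the advisory describes: escaped but not
    validated, then interpolated into an unquoted numeric position."""
    return f"{BASE_QUERY} LIMIT {esc_sql(offset)},{esc_sql(row_count)}"


def build_query_fixed(offset: str, row_count: str) -> str:
    """Hardened form: coerce both LIMIT arguments to non-negative integers
    before interpolation (equivalent to $wpdb->prepare() with %d)."""
    return f"{BASE_QUERY} LIMIT {absint(offset)},{absint(row_count)}"


_SAFE_LIMIT = re.compile(r"\bLIMIT\s+\d+\s*,\s*\d+\s*$", re.IGNORECASE)


def limit_is_numeric(sql: str) -> bool:
    """Review-time check: the query must end with LIMIT <int>,<int> and
    nothing may follow the second integer."""
    return _SAFE_LIMIT.search(sql) is not None


if __name__ == "__main__":
    # Constructed attacker input: a valid row count with a clause appended.
    payload = "10 PROCEDURE ANALYSE()"
    print(build_query_vulnerable("0", payload))  # clause survives esc_sql()
    print(build_query_fixed("0", payload))       # LIMIT 0,10
```

The point of the model: esc_sql() leaves the payload byte-for-byte intact because it contains nothing the function escapes, while any integer coercion (absint(), intval(), or %d in $wpdb->prepare()) discards everything after the leading number. The limit_is_numeric() check is the kind of assertion a reviewer or a unit test can run over every query a plugin builds with user-controlled pagination values.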

Fix

SQL injection


Related Identifiers

CVE-2025-4203

Affected Products

Wpforo Forum