CVE-2025-11740

Name of the Vulnerable Software and Affected Versions wpForo Forum plugin for WordPress versions through 2.4.9

Description The wpForo Forum plugin for WordPress is susceptible to SQL Injection through the Subscriptions Manager. Insufficient escaping of user-supplied parameters and inadequate preparation of existing SQL queries allow authenticated attackers with Subscriber-level access or higher to inject additional SQL queries. This can lead to the extraction of sensitive information from the database.

Recommendations Update the wpForo Forum plugin to a version newer than 2.4.9.