PT-2025-51145 · WordPress · Wpforo Forum+1
Published: 2025-12-14 · Updated: 2025-12-19
CVE-2025-13126
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
wpForo Forum plugin for WordPress versions prior to 2.4.13
Description
The wpForo Forum plugin for WordPress is susceptible to SQL Injection. Insufficient input sanitization on user-supplied parameters and inadequate SQL query preparation allow unauthenticated attackers to inject additional SQL queries into existing database queries. This could lead to the extraction of sensitive information from the database via the post args and topic args parameters.
Recommendations
Update the wpForo Forum plugin to version 2.4.13 or later.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
WordPress
Wpforo Forum