PT-2025-51145 · WordPress · Wordpress+1

Published: 2025-12-14 · Updated: 2025-12-19 · CVE-2025-13126

CVSS v3.1: 7.5

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

wpForo Forum plugin for WordPress versions prior to 2.4.13

Description

The wpForo Forum plugin for WordPress is susceptible to SQL Injection. Insufficient input sanitization on user-supplied parameters and inadequate SQL query preparation allow unauthenticated attackers to inject additional SQL queries into existing database queries. This could lead to the extraction of sensitive information from the database via the post args and topic args parameters.

Recommendations

Update the wpForo Forum plugin to version 2.4.13 or later.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-13126

Affected Products

WordPress
wpForo Forum