PT-2026-20865 · WordPress · Wpforo Forum

Youssef Elouaer · Published 2026-02-19 · Updated 2026-04-13 · CVE-2026-1581

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: wpForo Forum plugin versions prior to 2.4.15

Description: The wpForo Forum plugin for WordPress is susceptible to time-based SQL Injection through the wpfob parameter. Insufficient escaping of user-supplied input and inadequate SQL query preparation allow unauthenticated attackers to inject additional SQL queries into existing ones. This can lead to the extraction of sensitive information from the database.

Recommendations: Update the wpForo Forum plugin to version 2.4.15 or later.
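
A defensive check for the issue described above, as an added example that is not part of the original advisory or the plugin's code: it scans web access logs for `wpfob` values that are not plain identifiers. Assumptions: combined-format access logs, the parameter arriving in the query string, and the identifier allowlist for legitimate values; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate wpfob value is a plain column-style identifier.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.]{1,64}")
# Client address and request target from a combined-format access log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [19/Feb/2026:10:01:02 +0000] "GET /community/?wpfob=created HTTP/1.1" 200 5120
203.0.113.9 - - [19/Feb/2026:10:01:05 +0000] "GET /community/?wpfob=created%20%28constructed%20sample%29 HTTP/1.1" 200 5120
198.51.100.4 - - [19/Feb/2026:10:02:11 +0000] "GET /community/?page=2 HTTP/1.1" 200 4096
203.0.113.9 - - [19/Feb/2026:10:02:30 +0000] "GET /community/?wpfob=a&wpfob=b%27c HTTP/1.1" 200 5120
"""


def suspicious_wpfob(log_text):
    """Return (client_ip, decoded_value) for each wpfob value that is not a plain identifier."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target = m.groups()
        # parse_qs percent-decodes values once and keeps repeated parameters.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in params.get("wpfob", []):
            if not SAFE_VALUE.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_wpfob(SAMPLE_LOG):
        print(f"{client}\twpfob={value!r}")
```

Hits from this check are leads for review, not proof of exploitation; requests sent in a POST body do not appear in access logs and need application or WAF logging instead.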

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2026-1581

Affected Products: Wpforo Forum