CVE-2026-1581

🗓️ 19 Feb 2026 16:24:55Reported by WordfenceType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 25 Views🌐 WEB

Unauthenticated time based SQL injection in wpForo Forum up to 2.4.14 via wpfob parameter.

Reporter	Title	Published	Views	Family All 12
GithubExploit	Exploit for CVE-2026-1581	27 Feb 202613:52	–	githubexploit
Circl	CVE-2026-1581	19 Feb 202618:02	–	circl
CNNVD	WordPress plugin wpForo Forum SQL注入漏洞	19 Feb 202600:00	–	cnnvd
Cvelist	CVE-2026-1581 wpForo Forum <= 2.4.14 - Unauthenticated Time-Based SQL Injection	19 Feb 202616:24	–	cvelist
Nuclei	wpForo Forum <= 2.4.14 - SQL Injection	23 Jun 202605:08	–	nuclei
NVD	CVE-2026-1581	19 Feb 202617:24	–	nvd
Patchstack	WordPress wpForo Forum plugin <= 2.4.14 - Unauthenticated Time-Based SQL Injection vulnerability	20 Feb 202607:32	–	patchstack
Positive Technologies	PT-2026-20865	19 Feb 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-1581	20 Feb 202619:39	–	redhatcve
VulnCheck KEV	VulnCheck KEV: CVE-2026-1581	20 Feb 202600:00	–	vulncheck_kev

Vulners

Node

tomdever wpforo_forumRange≤2.4.14wordpress

[
  {
    "vendor": "tomdever",
    "product": "wpForo Forum",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "2.4.14",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/browser/wpforo/trunk/classes/Topics.php
plugins	www.plugins.trac.wordpress.org/browser/wpforo/trunk/wpforo.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/4c447dbb-f8fb-4b46-9c47-20ab7330bbaa
plugins	www.plugins.trac.wordpress.org/changeset/3459801/

Parameter	Position	Path	Description	CWE
wpfob	query param	community/recent/	Time-based SQL injection via wpfob parameter on wpForo Recent page, leading to delayed responses in vulnerable versions.	CWE-89

17 Jun 2026 10:16Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.17.5

EPSS0.01727

SSVC