3 matches found
CVE-2025-4203 wpForo Forum <= 2.4.8 - Unauthenticated SQL Injection via get_members Function
The wpForo Forum plugin for WordPress is vulnerable to error‐based or time-based SQL Injection via the getmembers function in all versions up to, and including, 2.4.8 due to missing integer validation on the 'offset' and 'rowcount' parameters. The function blindly interpolates 'rowcount' into a...
CVE-2025-4203
This CVE refers to wpForo Forum (WordPress) ≤ 2.4.8, exposed to error-based or time-based SQL Injection via get_members due to missing integer validation on offset and row_count. The code interpolates row_count into LIMIT offset,row_count using esc_sql(), allowing attacker-controlled input to tri...
CVE-2025-4203 wpForo Forum <= 2.4.8 - Unauthenticated SQL Injection via get_members Function
The wpForo Forum plugin for WordPress is vulnerable to error‐based or time-based SQL Injection via the getmembers function in all versions up to, and including, 2.4.8 due to missing integer validation on the 'offset' and 'rowcount' parameters. The function blindly interpolates 'rowcount' into a...