All Content Management Systems: Web Progress Report

« The 10 reasons why you should touch XOOPS Cube
WordPress Theme Releases for 1 / 21 »

January 21st, 2008

WP-Forum Plugin Security Bulletin

If you are currently using the latest release of the WP-Forum plugin, listen up. The websec security team has discovered a vulnerability within this plugin that can be exploited by malicious users to conduct SQL injection attacks. According to Secunia:

Input passed to the “user” parameter in the WordPress installation’s index.php script (when “forumaction” is set to “showprofile” and “page_id” to a page with the “<!–WPFORUM–>” tag) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

This vulnerability when exploited successfully allows the individual to retrieve usernames, password hashes, and email addresses for all users, including administrators. However, the user has to have knowledge of the proper database table prefix. This vulnerability has been confirmed in version 1.7.4 which is currently the most recent version available for download.

Description:

WP-Forum is a WordPress plugin that enables you to have a forum directly attached to your WordPress installation. The plugin is based on Simple Forum.

[EDIT] We wish the plugin author was notified of the vulnerability and given a chance to fix it, but there was no mention of it in the advisory. So until a fix is released, we suggest that the plugin is disabled and removed.

[EDIT] As pointed out in the comments, not the same as Simple Forum WP Plugin.

Related CMS news:

Posted on Monday, January 21st, 2008. Filed under Wordpress. You can leave a response, or trackback from your own site.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>