What the vulnerability does
01Description
Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
What the vulnerability does
Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 versions.
Explanation of Vulnerability in Simple Terms
wpForo Forum versions up to 3.0.4 contain a SQL injection vulnerability in database query handling. An attacker can craft malicious input to extract sensitive data from the forum database, including user credentials and private messages. No authentication is required. The vulnerability also impacts site availability.
What an attacker can do
Extract sensitive data from the forum database without logging in.
Potential impact on your site
Forum user data, credentials, and private messages can be stolen; site may become unavailable.
Conditions required to exploit
Network access to the forum; no authentication required.
Key dates
External resources
Related vulnerabilities