cleantalk
Vulnerabilities and Security Researches

WP Forum Server, CVE-2011-1047

CVE, Research URL

CVE-2011-1047

Home page URL

Security reports for WP Forum Server

Application

WP Forum Server

Published on
Feb 22, 2011
Research Description
Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php, (2) id parameter in an editpost action to index.php, which is not properly handled by wpf-post.php, or (3) topic parameter to feed.php.
Affected versions
Min -, max 1.8.
Status
vulnerable
Previous vulnerability researches
WP Forum Server (CVE-2012-6622) , Jun 07, 2024
WP Forum Server (CVE-2012-6623) , Jun 07, 2024
WP Forum Server (CVE-2011-1047) , Jun 07, 2024
WP Forum Server (CVE-2012-6625) , Jun 07, 2024
WP Forum Server (CVE-2025-53306) , Jul 02, 2025
New vulnerability
IS-theme-companion (CVE-2025-53277) , Jul 04, 2025
Lead Form Data Collection to CRM (CVE-2025-5692) , Jul 04, 2025
Drive Folder Embedder (CVE-2025-6546) , Jul 04, 2025
WP Roadmap – Product Feedback Board (CVE-2025-52822) , Jul 04, 2025
WP Wall (CVE-2025-28968) , Jul 04, 2025