Comments on: WP-Forum 1.7.4 SQL Injection

By: BlogSecurity » Blog Archive » Old WP-Forum Vulnerability Gets Disclosed

Tue, 27 Jan 2009 00:14:14 +0000

[...] The plugins homepage is already on version 2.2. This means this vulnerability was probably discovered shortly after the initial version 1.7.4 vulnerability reported by BlogSecurity in early 2008. [...]

By: Philipp

Philipp — Thu, 26 Jun 2008 07:08:46 +0000

We’ve no newer version Spotted of this Plugin. Anyway his forum seems to run with a newer version of the Plugin. Anyway you could patch that hole by yourself.

By: Kai

Kai — Wed, 25 Jun 2008 16:34:04 +0000

Any fix for this yet….?

By: Mike

Mike — Sun, 03 Feb 2008 22:00:22 +0000

Any news?..

By: MustLive

MustLive — Thu, 31 Jan 2008 17:26:00 +0000

Philipp and David, the html tags is not properly sanitized in this post ;-) (look at “with the “” tag” phrase). You need to fix it.

P.S.

ryan, you can fix this hole by yourself, if you don’t want to wait for official fix. Because it’s common for developers to fix holes in their software not very fast.

By: Trevor Carpenter

Trevor Carpenter — Tue, 29 Jan 2008 22:34:34 +0000

@ryan. I have a fix for this…

I uninstalled WP-forum and installed a real forum, phpbb.

By: DK

DK — Thu, 24 Jan 2008 11:09:27 +0000

ryan, I haven’t seen any official fix yet.

By: ryan

ryan — Thu, 24 Jan 2008 11:00:27 +0000

does anybody know of a fix for this yet? I’d like to get my forums back up.

By: DK

DK — Tue, 22 Jan 2008 20:24:45 +0000

WordPress really need to step up and provide SQL safe functions!