This host is installed with WordPress WP Forum Server plugin and is prone to SQL injection vulnerability.

Successful exploitation will allow attacker to perform SQL Injection attack and gain sensitive information. Impact Level: Application

Upgrade to WP Forum Server Wordpress plugin version 1.6.6 or later. For updates refer to http://wordpress.org/extend/plugins/forum-server/

The flaws are caused by improper validation of user-supplied input via the 'topic' parameter to '/wp-content/plugins/forum-server/feed.php', which allows attackers to manipulate SQL queries by injecting arbitrary SQL code.

WP Forum Server Wordpress plugin 1.6.5

• http://packetstormsecurity.org/files/view/98715/
• http://www.exploit-db.com/exploits/16235/
• http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin.html

---

Updated on 2015-03-25