Description

The WordPress plugin Mingle Forum is prone to multiple SQL injection vulnerabilities and a security-bypass vulnerability because it fails to adequately sanitize user-supplied input. Exploiting the security-bypass issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. An attacker can exploit the SQL injection issues by manipulating the SQL query logic to carry out unauthorized actions on the underlying database. This may compromise the application and may aid in further attacks. Mingle Forum versions 1.0.24 and 1.0.26 are vulnerable; other versions may also be affected.

Remediation

Update the plugin to version 1.0.27 or the latest version.
