Description
WordPress Plugin WP Forum Server is prone to an SQL injection vulnerability and a cross-site scripting vulnerability. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin WP Forum Server version 1.7.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.7.5 or latest
References
Related Vulnerabilities
WordPress Plugin BuddyPress Security Bypass (5.1.0)
WordPress Plugin Simple Download Monitor Cross-Site Scripting (3.5.3)
WordPress Plugin Contact Form Email Multiple Vulnerabilities (1.2.65)
WordPress Plugin BulletProof Security Multiple Cross-Site Scripting Vulnerabilities (.53.2)
WordPress Plugin Ultimate Maps by Supsystic SQL Injection (1.1.12)