First published: Mon Jan 24 2022(Updated: )
The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
<1.15.15 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-25045 is a vulnerability in the Asgaros Forum WordPress plugin before version 1.15.15 that allows SQL injection.
CVE-2021-25045 affects the Asgaros Forum WordPress plugin before version 1.15.15 by not properly validating or escaping the forum_id parameter, which can lead to an SQL injection issue.
CVE-2021-25045 has a severity rating of 7.2, which is considered high.
To fix CVE-2021-25045, you should update the Asgaros Forum WordPress plugin to version 1.15.15 or later.
Sure, you can find more information about CVE-2021-25045 in the official plugin changeset (https://plugins.trac.wordpress.org/changeset/2642215) and the WPScan vulnerability report (https://wpscan.com/vulnerability/c60a3d40-449c-4c84-8d13-68c04267c1d7).