WordPress Mingle Forum Plugin <= 1.0.26 - Multiple Vulnerabilities

mingle-forum

Software
Mingle Forum
Versions
<= 1.0.26
Disclosure date
2011-01-08
CVE
CVE-N/A
References
Credits
Classification
Multiple Vulnerabilities
OWASP Top 10

Are your websites subject to this vulnerability?

Details

There exist multiple vulnerabilities in Mingle Forum plugin for WordPress: 1. There is a SQL injection that reads application data. It is in the RSS feed generator. An attacker can retrieve information from the MySql database by crafting specific URLs. 2. SQL injection is in the edit post functionality. An attacker can retrieve information from the MySql database by crafting specific URLs. 3. Also, there is Auth BYPASS via direct request. An user can view and edit any page by browsing directly for edit post.

Solution

Update the plugin.

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.