There exist multiple vulnerabilities in Mingle Forum plugin for WordPress:
1. There is a SQL injection that reads application data. It is in the RSS feed generator. An attacker can retrieve information from the MySql database by crafting specific URLs.
2. SQL injection is in the edit post functionality. An attacker can retrieve information from the MySql database by crafting specific URLs.
3. Also, there is Auth BYPASS via direct request. An user can view and edit any page by browsing directly for edit post.
Update the plugin.
Found a vulnerability that puts your sites at risk?