ThreatPress

WordPress Vulnerabilities Database

WordPress Mingle Forum Plugin <= 1.0.26 - Multiple Vulnerabilities

Product
Mingle Forum
Description
Multiple vulnerabilities exist in the Mingle Forum plugin for WordPress:
1. A SQL injection in the RSS feed generator that reads application data. An attacker can retrieve information from the MySQL database by crafting specific URLs.
2. A SQL injection in the edit post functionality. An attacker can retrieve information from the MySQL database by crafting specific URLs.
3. An authentication bypass via direct request. A user can view and edit any page by browsing directly to the edit post functionality.
Solution
Update the plugin.
Classification
Type Multi
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 1.0.26
Fixed In 1.0.27
Disclosure date
2011-01-08
Credits
Charles Hooper