SQL Injection in bbPress

by Marc-Alexandre Montpas
Nov. 14, 2017 | blog.sucuri.net | Pen Testing & Audits | bbPress | sql injection

During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability affecting bbPress. If the proper conditions are met, any visitor to the victim’s website can abuse this vulnerability very easily. Because details about this vulnerability have been made public today in a HackerOne report, and updating to the latest version of WordPress fixes the root cause of the problem, we chose to disclose this bug and make the details public.

https://blog.sucuri.net/2017/11/sql-injection-bbpress.html