← Back
2025-11-01 5:40CVE-2025-11740Wordfence
PUBLISHED5.2CWE-89

wpForo Forum <= 2.4.9 - Authenticated (Susbscriber+) SQL Injection

The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the Subscriptions Manager in all versions up to, and including, 2.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Problem type

Affected products

tomdever

wpForo Forum

<= 2.4.9 - AFFECTED

References

wordfence.com

https://www.wordfence.com/threat-intel/vulnerabilities/id/aa1eaac2-a23b-4ef6-803a-15f7ec7e5728?source=cve

plugins.trac.wordpress.org

https://plugins.trac.wordpress.org/changeset/3386327/wpforo/tags/2.4.10/modules/subscriptions/Subscriptions.php?old=3380558&old_path=wpforo%2Ftags%2F2.4.9%2Fmodules%2Fsubscriptions%2FSubscriptions.php

GitHub Security Advisories

GHSA-wf5q-4vh3-9chv

The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the Subscriptions...

https://github.com/advisories/GHSA-wf5q-4vh3-9chv

The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the Subscriptions Manager in all versions up to, and including, 2.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2025-11740

plugins.trac.wordpress.org

https://plugins.trac.wordpress.org/changeset/3386327/wpforo/tags/2.4.10/modules/subscriptions/Subscriptions.php?old=3380558&old_path=wpforo%2Ftags%2F2.4.9%2Fmodules%2Fsubscriptions%2FSubscriptions.php

wordfence.com

https://www.wordfence.com/threat-intel/vulnerabilities/id/aa1eaac2-a23b-4ef6-803a-15f7ec7e5728?source=cve

github.com

https://github.com/advisories/GHSA-wf5q-4vh3-9chv

JSON source

Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2025-11740",
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "dateUpdated": "2025-11-01T05:40:24.041Z",
    "dateReserved": "2025-10-14T13:48:26.927Z",
    "datePublished": "2025-11-01T05:40:24.041Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence",
        "dateUpdated": "2025-11-01T05:40:24.041Z"
      },
      "title": "wpForo Forum <= 2.4.9 - Authenticated (Susbscriber+) SQL Injection",
      "descriptions": [
        {
          "lang": "en",
          "value": "The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the Subscriptions Manager in all versions up to, and including, 2.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
        }
      ],
      "affected": [
        {
          "vendor": "tomdever",
          "product": "wpForo Forum",
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "*",
              "status": "affected",
              "versionType": "semver",
              "lessThanOrEqual": "2.4.9"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
              "cweId": "CWE-89",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aa1eaac2-a23b-4ef6-803a-15f7ec7e5728?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3386327/wpforo/tags/2.4.10/modules/subscriptions/Subscriptions.php?old=3380558&old_path=wpforo%2Ftags%2F2.4.9%2Fmodules%2Fsubscriptions%2FSubscriptions.php"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM"
          }
        }
      ],
      "timeline": [
        {
          "time": "2025-10-14T14:03:39.000+00:00",
          "lang": "en",
          "value": "Vendor Notified"
        },
        {
          "time": "2025-10-31T00:00:00.000+00:00",
          "lang": "en",
          "value": "Disclosed"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "JEONG YU CHAN",
          "type": "finder"
        }
      ]
    }
  }
}

Mitre source

https://cveawg.mitre.org/api/cve/CVE-2025-11740