SQL Injection in bbPress

SQL Injection in bbPress  SQL Injection in bbPress wordpress vulnerability disclosure

During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability affecting bbPress. If the proper conditions are met, this vulnerability is very easy to abuse by any visitors on the victim’s website.

Because details about this vulnerability have been made public today on a Hackerone report, and updating to the latest version of WordPress fixes the root cause of the problem, we chose to disclose this bug and make the details public.

Continue reading SQL Injection in bbPress at Sucuri Blog.

Leave a Reply

Your email address will not be published. Required fields are marked *

*