CVE-2012-6622

ForumPress < 1.7.4 - Cross-Site Scripting via groupid or usergroup_id Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-6622. PoCs published by Heine Pedersen.

AI-analyzed exploit summary The exploit demonstrates SQL injection and XSS vulnerabilities in the WP Forum Server plugin for WordPress. It includes proof-of-concept URLs that exploit unsanitized user input in the 'groupid' and 'usergroup_id' parameters.

Description

Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Heine Pedersen · textwebappsphp
https://www.exploit-db.com/exploits/37195

The exploit demonstrates SQL injection and XSS vulnerabilities in the WP Forum Server plugin for WordPress. It includes proof-of-concept URLs that exploit unsanitized user input in the 'groupid' and 'usergroup_id' parameters.

Classification
Working Poc 90%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Reliable
Target: WP Forum Server plugin for WordPress 1.7.3
Auth required
Prerequisites: Access to the WordPress admin panel · WP Forum Server plugin installed and activated
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49155
Patch, Vendor Advisory x_refsource_confirm
http://wordpress.org/extend/plugins/forum-server/changelog/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/53530

Scores

EPSS 0.0503
EPSS Percentile 91.2%

Details

CWE
CWE-79
Status published
Products (22)
vasthtml/forumpress 1.0
vasthtml/forumpress 1.1
vasthtml/forumpress 1.2
vasthtml/forumpress 1.3
vasthtml/forumpress 1.4
vasthtml/forumpress 1.5
vasthtml/forumpress 1.5.1
vasthtml/forumpress 1.5.2
vasthtml/forumpress 1.6
vasthtml/forumpress 1.6.2
... and 12 more
Published Jan 16, 2014
Tracked Since Feb 18, 2026